DPO Programme – Module 5 (Virtual)
October 21 @ 2:00 pm - 4:30 pm
Number of capacity: 15
Summary
This applied workshop guides delegates through the lifecycle of a Data Protection Impact Assessment (DPIA), focusing on defensible risk reasoning and mitigation discipline.
It uses a structured case study to embed the requirements of Articles 35–36 into GP governance practice.
A 2.5-hour DPIA workshop covering:
- DPIA trigger test (high-risk processing)
- Processing description and data flow mapping
- Necessity and proportionality analysis
- Risk identification and structured scoring
- Mitigation design and documentation
- DPO consultation recording
- Residual risk acceptance
- Governance sign-off model
Mapped to NHS DSPT Standards 1–3.
Course Content
- Determining when a DPIA is legally required
- Risk identification and structured scoring model
- Designing specific mitigation strategies
- Recording DPO advice and residual risk
- Embedding DPIA into project lifecycle governance
Expected Outcome
- Conduct a legally defensible DPIA
- Apply necessity and proportionality rigorously
- Integrate DPIA governance into operational decision-making