A Data Protection Impact Assessment is the process of systematically considering the potential impact that a project or initiative might have on the privacy of individuals. It will allow practices to identify potential privacy issues before they arise and come up with a way to mitigate them.
As a practice team, consider when you might need to do a DPIA. Examples include new or current marketing initiatives, or relocating the reception desk into the waiting room.
For these and any other practice initiatives you have planned, or plan in the future, you should ‘systematically consider the potential impact’ these could have on your patients or staff and consider how you could mitigate any potential privacy issues.
Record your systematic considerations and what measures you plan to put in place to mitigate any risks to privacy.
Data Protection by design and default
It has always been an implicit requirement, and therefore good practice, to adopt ‘privacy by design’ as a default approach.
UK GDPR now enshrines ‘privacy by design’ and ‘privacy by default’ in law. That means all privacy settings must be automatically privacy-friendly.