DPIA Summaries

Last updated on 19 May 2021

Data Protection Impact Assessment (DPIA) Summaries for NHS Health Research Authority

What is a data protection impact assessment?

The Data Protection Impact Assessment (DPIA) is a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation, which might otherwise occur.

To determine if a DPIA is required a privacy screening template is completed using questions based on ICO published guidance.  The responses are reviewed by Information Governance and the Information asset Owner / Administrator to determine if a DPIA is required.

If there is no personal data involved, it has been anonymised or there are no high risks then a DPIA will not be undertaken.


The information on this page only shows DPIAs completed and signed off by Information governance and the Information Asset Owner.

DPIA Summaries

Project / Process name Description High risk processing?
(large scale processing of special category data)
Information Commissioner's Office notification required? DPO recommendation / conclusion Date completed
Member Equality & Diversity Committee member Equality and Diversity declarations monitored to ensure Equality and Diversity legislation obligations are being met No No Risks addressed with HRA Privacy notice updated.
Process modified to ensure equality and diversity information provided in a secure manner. Future consideration of processing of membership details using an alternative system to further streamline process.
29 May 2020
HRA Volunteer's Panel Establishment of a Volunteers Panel to help us ensure HRA volunteers feel supported, valued and part of the organisation. The panel will have a diverse membership to reflect a range of perspectives from the different lived experiences of our volunteers. No No Risks accepted by Executive Committee. Expressions of interest form with explicit consent sought to include special category data to support diverse membership of the panel with access limited to minimal individuals and subsequently destroyed. HR advice also provided. 16 December 2020
HRA Volunteer's survey Survey to be sent to all members to:
• Establish a baseline of satisfaction
• Identify problems that detract from the volunteering experience
• Gain ideas as to how we can improve the volunteering experience
• Establish a baseline demographic profile of the volunteer base
No No Risks accepted. All responses will be anonymous. 9 February 2021
Research Systems Programme - IRAS Pega platform The Research Systems Programme was tasked with delivering the new Pega IRAS in line with changes to the Clinical Trials Regulations and to adapt to the EU exit by ensuring that the UK continues to remain an attractive destination for health research investment.
Pega IRAS is a modern, data-driven, scalable research system essential to UK competitiveness to enhance system-wide data sharing, increase transparency, improve market intelligence, reduce unnecessary duplication and provide greater value to the public purse.
No No Risks largely accepted however further clarification to be provided regarding transfer of data from legacy system and consideration of data retention / storage limitation principle. This will be taken forward when apprpriate individual on board. 21 April 2021
Back to privacy notice