Using your assessment for your DPIA
-
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
A best interests of the child assessment supports your DPIA, it is not a replacement or a separate compliance exercise. A DPIA is obligatory for all organisations in-scope of the code. You will have covered many steps within the DPIA by following the steps in this guidance. This includes describing your processing, identifying and assess risks, and measures to mitigate them.
To find out more about DPIA’s please visit standard 2 of the children’s code, data protection impact assessment, or visit our detailed guidance which explains what a DPIA is and when you need to do it.
We have developed a DPIA template specifically for the Children’s code alongside sample DPIAs for hypothetical online retail, gaming and connected toy scenarios to give you a reference point for completing your organisation’s DPIA.
To demonstrate your accountability you can publish your DPIA. Parents, civil society groups and other stakeholders will want to assure themselves you conform with the code.
Further reading