The ICO exists to empower you through information.

Step 7: Sign off and record outcomes

Item Name/position/date Notes
Measures approved by:   Integrate actions back into project plan, with date and responsibility for completion.
Residual risks approved by:   If accepting any residual high risk, consult the ICO before going ahead.

DPO advice provided:

  1. The level of risk is acceptable - subject to controls identified
  2. Confirm accepted controls have been deployed or will be prior to processing
  3. Prior consultation with the ICO not required.
A Person DPO should advise on compliance, step 6 measures and whether processing can proceed.
Summary of DPO advice:

DPO advice accepted or overruled by:   If overruled, you must explain your reasons.

Consultation responses reviewed by:   If your decision departs from individuals’ views, you must explain your reasons.
This DPIA will be kept under review by:   The DPO should also review ongoing compliance with DPIA.

This document is made available on the basis that the user understands that:

  • they remain fully liable for their own legal and regulatory obligations;
  • the ICO does not accept any liability for any reliance that might be placed on any feedback, comments or other input it might provide; and
  • providing this sample DPIA does not prevent or limit the ICO’s ability to take any enforcement action or other regulatory action against companies that might use the sample as the basis for their own DPIA, if the ICO deems such action is appropriate.