What is a DPIA?
A DPIA is a process designed to help you systematically analyse, identify and minimise the data protection risks of a project or plan. It is a key part of your accountability obligations under the UK GDPR, and when done properly helps you assess and demonstrate how you comply with all of your data protection obligations.
It does not have to eradicate all risk, but it should help you minimise risk and determine whether or not the remaining level of risk is acceptable in the circumstances, taking into account the benefits of what you want to achieve.
What do practices need to do about it?
💡 As a practice, you will need to review the DPIA and keep a record of it. It doesn't need to be sent to anyone!
As the data controller when using accuRx, it is your responsibility to complete a DPIA.
As a data processor, we cannot complete it for you. However, to be as helpful as we can, we have filled in the key parts of DPIA Templates for:
accuRx Desktop (for GPs on EMIS and SystmOne)
A breakdown of the accuRx Desktop DPIA
More information on IG and Security
How to delete a photo from accuRx - permanent deletion of audit trail
How does accuRx Desktop check for consent within the patient record
If there's anything else we can help with that's not covered above, you can chat to us using the little green speech bubble in the bottom right-hand corner of the website 👉