Javascript is required
logo-dastralogo-dastra

Audit model ICO DPIA process checklist

ICOPIA
"This checklist ensures that Data Protection Impact Assessments (DPIAs) follow a complete and compliant process under the UK GDPR, from scoping and consultation to risk mitigation, documentation, and ongoing review. More information here: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/accountability-and-governance/guide-to-accountability-and-governance/data-protection-impact-assessments/ This checklist is provided for general guidance only and does not constitute legal advice. Completing it does not replace a full risk assessment or professional legal consultation. Organisations remain responsible for ensuring compliance with the UK GDPR and for seeking expert advice where necessary.

1. ICO DPIA process checklist

1.1. We describe the nature, scope, context and purposes of the processing.
1.2. We ask our data processors to help us understand and document their processing activities and identify any associated risks.
1.3. We consider how best to consult individuals (or their representatives) and other relevant stakeholders.
1.4. We ask for the advice of our data protection officer
1.5. We check that the processing is necessary for and proportionate to our purposes, and describe how we will ensure compliance with data protection principles.
1.6. We do an objective assessment of the likelihood and severity of any risks to individuals’ rights and interests.
1.7. We identify measures we can put in place to eliminate or reduce high risks.
1.8. We record our decision-making in the outcome of the DPIA, including any difference of opinion with our DPO or individuals consulted.
1.9. We implement the measures we identified, and integrate them into our project plan.
1.10. We consult the ICO before processing, if we cannot mitigate high risks.
1.11. We keep our DPIAs under review and revisit them when necessary
Created at:07/10/2025
Updated on :07/25/2025
License : © Creative commons :
Attribution / Pas d'utilisation commerciale
CC-BY-NC AttributionPas d'utilisation commerciale
Author :
Paul-Emmanuel Bidault
Paul-Emmanuel Bidault
Build my audit

Access all our audit templates

Try Dastra now to access all of our audit templates that you can customize for your organization.It's free and there's no obligation for the first 30 days (no credit card required)

Build my audit
Subscribe to our newsletter

We'll send you occasional emails to keep you informed about our latest news and updates to our solution

* You can unsubscribe at any time using the link provided in each newsletter.