Digital Data Protection Impact Assessment (DPIA) ALPHA

Project details:

Organisation Greater Manchester Combined Authority
Department Digital - Information Governance
Collaboration Level Share Ideas
Budget £50K > £100k
Key Contact Stephen Girling
Phase start 03 December 2018
Phase Estimated end 26 April 2019

Tags

Description

Data Protection Impact Assessment (DPIA) are a requirement of data protection legislation but are seen as an intensive and onerous process. We know a range of templates are currently used resulting in a complicated and fragmented approach particularly across partnerships. Challenges include that process are reliant on a small number of specialist staff causing capacity issues. Process are not user friendly enough to enable general staff to complete them and there is a lack of confidence / understanding to answer key questions appropriately. There are issues around document control including tracked changes and responses to Data Protection Officer recommendations. A more coherent approach to access and storage is also need, DPIAs are living documents – A central repository will allow ease of access across delivery teams and the sharing of best practice. There is also the opportunity to reduce duplication by ensuring information collated through DPIA processes is used to support complementary processes e.g. risk registers and risk identification.

Our solution is the creation of a universal and compliant Digital DPIA Tool to empower and support staff. It will also support the generation of a privacy risk register, an aspect that has been highlighted as a challenging area of work.

At a basic level success would the creation of an easy to use product with minimal IT support, hosting costs and training requirements that would be used with GM and has the potential to be used at scale. Creating a more ergonomic and user friendly DPIA process that all staff feel comfortable with and providing crucial technical support. Saving partners time and capacity but ultimately removing barriers to the creation of compliant DPIA. Supporting a culture shift that meets the legal requirement of ‘data protection by design and by default’. Success would be measured by user engagement, key partner feedback and ultimately through the quality of DPIAs produced with GM.

People

Watchers

Contributers

Status Updates

15 March 2019

  • Stephen Girling

    Project Update 15th March 2019

    Development has been progressing well this week. The focus area continues to be the Digital DPIA screening questions, the roles and statuses within the tool and the user registration functionality. The project team are getting together for a workshop this coming Monday 18th March which will be a great opportunity to take stock of where we are and focus on some key areas to enable the next phase of development. The agenda for the day is: Risk matrix and management within the tool, Project benefits realisation and stakeholder engagement planning for the next six weeks. 

    Following on from the workshop, we should be in a position to circulate invites to a variety of show and tell and user research sessions, so stay tuned for these!

    MHCLG - GDS Academy Agile for Teams Training

    This week myself and Peter from the project team attended the GDS Academy Agile for Teams training. The three day training event was very useful to attend and we took away valuable learnings for both future phases of the Digital DPIA project and for our IG team as a whole. 

    In the training, we learnt about Agile as an approach and the history of Agile. We learnt about the specific discipline of Scrum with the Agile framework and the benefits this can bring to digital developments. We then ended the training learning about Kanban and ways of visually managing projects and work. The training was very enjoyable with lots of interesting and relevant exercises which helped to bring the theory to life. 

    Here are a selection of photos from the training including our Lego animal!

    As always, keep up to date with project progress by following our Twitter account @GMCAdigital or by searching the hashtags #FixThePlumbing, #DigitalDPIA and #LocalDigitalFund

    Until next time!

    Steve

    P.S. Today, on my way back to the office after lunch I was stopped by two people who were filming reactions of Manchester football fans to the Champions League draw. I volunteered and they apparently film for a platform which goes out in China. Therefore if you never hear from me again it is because the interview I gave I was so insightful that I now work overseas as a Manchester football correspondent!...So you will definitely hear from me again!