Data protection impact assessments
Where a type of processing of personal data, using new technology, and considering the nature, scope, context and purposes of the processing, is likely to result in a high risk to the privacy of individuals then officers must prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the individuals. As part of this process officers must seek the advice of the data protection officer.
Further guidance exists as to when an impact assessment should be undertaken and how. In certain circumstances the Information Commissioner may need to be consulted.