Evaluating your data protection activities

The Information Governance team can help you manage some of these risks by evaluating your data processing activity. 

Delivering services effectively often requires us to process personal and organisational information. A breach of this information could cause damage or distress to individuals or pose a reputational and financial risk to the council. The Information Governance team can help you minimise these risks. 

Under data protection legislation everyone must complete a Data Privacy Impact Assessment (DPIA) where data processing is considered to be high risk data processing. We use the Information Governance Activity Evaluation (IGAE) to work out when a DPIA is necessary or if a simpler risk assessment would be a better approach.  

Both assessments will cover information security, data quality and privacy very carefully, however a DPIA will be more detailed due to the higher risk toward data processing.​ 

Submitting an information governance activity evaluation 

Unless you are buying consumables, most activities such as procuring services will involve some form of personal or business information that requires protection and it is likely that the Information Governance Team need to evaluate your data processing activity.  

To start this process, you must complete an IGAE by: 

  1. ​Downloading and completing the Information governance activity evaluation form (DOCX, 250KB). You can also read guidance on how to ​complete the form (DOCX, 40KB).
  2. Submit your IGAE on the Assyst portal ​by selecting the following categories:​​ Services > Information Governance Services > IG Activity Evaluation. You will need to copy and paste some basic details from your IGAE onto the online portal request. 
  3. Attach the evaluation document at the end of the request. 

The Information Governance team will review your request, determine which assessment route is required and provide you with the relevant support. 
 

How to make a request

You can make a request for advice from Information Governance on the Assyst portal. Even if you are not sure if you do need help, you can use this form to find out. 

You can use the Data protection compliance questionnaire (DOCX, 27KB) for any procurement or purchasing activities that involved processing personal information.

You can read guidance on how to complete the data protection compliance questionnaire (DOCX, 215KB).