This code explains the principles that form the basis of a Privacy Impact Assessment (PIA). The main body of the code sets out the basic steps that an organization should carry out during the PIA process. The practical implementation of the basic principles will depend on the organization's usual business practice.
The code will be useful to any organization that is thinking about conducting a PIA. The process described in the guidance is designed to be flexible enough to work for organizations of any size and in any sector. The code will also work across a range of privacy and data protection issues.
The annexes at the back of the code are intended to provide a starting point for the implementation of the PIA. They include a set of screening questions to help organizations identify when a PIA is necessary, and a template that can be used to help produce a PIA report.