Once you have completed the preparation and gathered the information together, you can carry out the screening process. This involves applying criteria described in the following section of the handbook.
The purpose of the screening process is to ensure that the investment the organisation makes is proportionate to the risks involved. Depending on the scope and size of the project, only some elements of this handbook will be relevant in any given case.
This part of the handbook contains a PIA screening tool. Answering these four sets of questions about the project should provide an indication of whether a PIA is needed, and if so, whether the project requires a full-scale PIA, a small-scale PIA or just a check against compliance with the law.
The following section shows the decision-making process for conducting a PIA.
Do the key characteristics of the project indicate that a full-scale PIA is needed?
See the screening questions in Appendix 1 Step 1.
If yes, then conduct a full-scale PIA (Chapter IV) and a privacy law compliance check (Chapter VI), including a data protection compliance check (Chapter VII).
If a full-scale PIA is not recommended, then:
Do the project characteristics indicate that a small-scale PIA is needed? See the screening questions in Appendix 1 Step 2.
If yes, then conduct a small-scale PIA and a privacy law compliance check (Chapter VI), including a data protection compliance check (Chapter VII).
If a small-scale PIA is not recommended, then:
Are any of the activities subject to any form of privacy law?
If yes, then conduct a privacy law compliance check (Chapter VI), including a data protection compliance check (Chapter VII).
If a privacy law compliance check is not recommended, then:
Do the activities involve the handling of ‘personal data’?
If yes, then conduct a data protection compliance check (Chapter VII).