Schedule A - Data Protection Impact Assessment. If a data protection impact assessment (DPIA) has been conducted in respect of the data sharing to which this Data Sharing Agreement relates, a summary of the matters referred to in Article 35(7) of the GDPR is required to be filled in the table below. If a data protection impact assessment has not been conducted as it is not mandatory where processing is not “likely to result in a high risk to the rights and freedoms of natural persons” (Article 35 of the GDPR), outline the reasons for that decision in the table below. Has been conducted [select appropriately] ☐ Has not been conducted [select appropriately] ☒ DAFM, as Lead Agency and in accordance with its own policies and procedures as a Data Controller, has conducted an evaluation in order to determine whether a DPIA is necessary. As part of this evaluation, it considered that this processing was in place prior to 25 May 2018, that data is not being processed for a new purpose and no changes to how this data is processed have been made. DPIA was not conducted as the process does not involve:A systematic and extensive evaluation of personal aspects related to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning individuals or similarly significantly affect individuals A systematic monitoring of a publicly accessible area of a large scale Under S.20(4) of Data Sharing and Governance Act, an amended draft agreement must be submitted for review to the Data Governance Board in accordance with Part 9, Chapter 2 of the Data Sharing and Governance Act.
Appears in 2 contracts
Samples: Data Sharing Agreement, Data Sharing Agreement
Schedule A - Data Protection Impact Assessment. If a data protection impact assessment (DPIA) has been conducted in respect of the data sharing to which this Data Sharing Agreement relates, a summary of the matters referred to in Article 35(7) of the GDPR is required to be filled in the table below. If a data protection impact assessment has not been conducted as it is not mandatory where processing is not “likely to result in a high risk to the rights and freedoms of natural persons” (Article 35 of the GDPR), outline the reasons for that decision in the table below. Has been conducted [select appropriately] ☐ Has not been conducted [select appropriately] ☒ DAFM, as Lead Agency and in accordance with its own policies and procedures as a Data Controller, has conducted an evaluation in order to determine whether a DPIA is necessary. As part of this evaluation, it considered that this processing was in place prior to 25 May 2018, that data is not being processed for a new purpose and no changes to how this data is processed have been made. DPIA was not conducted as the process does not involve:: A systematic and extensive evaluation of personal aspects related to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning individuals or similarly significantly affect individuals individuals. A systematic monitoring of a publicly accessible area of a large scale Under S.20(4) of Data Sharing and Governance Act, an amended draft agreement must be submitted for review to the Data Governance Board in accordance with Part 9, Chapter 2 of the Data Sharing and Governance Act.
Appears in 1 contract
Samples: Data Sharing Agreement
Schedule A - Data Protection Impact Assessment. If a data protection impact assessment (DPIA) has been conducted in respect of the data sharing to which this Data Sharing Agreement relates, a summary of the matters referred to in Article 35(7) of the GDPR is required to be filled in the table below. If a data protection impact assessment has not been conducted as it is not mandatory where processing is not “likely to result in a high risk to the rights and freedoms of natural persons” (Article 35 of the GDPR), outline the reasons for that decision in the table below. Has been conducted [select ☐ appropriately] ☐ Has not been conducted [select appropriately] ☒ DAFM, as Lead Agency and in accordance with its own Has not been conducted [select appropriately] ☒ policies and procedures as a Data Controller, has conducted an evaluation in order to determine whether a DPIA is necessary. As part of this evaluation, it considered that this processing was in place prior to 25 May 2018, that data is not being processed for a new purpose and no changes to how this data is processed have been made. DPIA was not conducted as the process does not involve:: A systematic and extensive evaluation of personal aspects related to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning individuals or similarly significantly affect individuals individuals. A systematic monitoring of a publicly accessible area of a large scale Under S.20(4) of Data Sharing and Governance Act, an amended draft agreement must be submitted for review to the Data Governance Board in accordance with Part 9, Chapter 2 of the Data Sharing and Governance Act.scale
Appears in 1 contract
Samples: Data Sharing Agreement
