AKADATA DATA PROTECTION IMPACT ASSESSMENT TEMPLATE This template follows UK GDPR Article 35 and the ICO DPIA process. Store completed copies securely alongside project change logs and governance records. CONTROLLER DETAILS - Name of controller: - Company registration number: - Controller address: - DPIA lead: - Data Protection Officer: - Contact email: - Contact telephone: PROJECT DETAILS - Project name: - Project owner: - Project summary: - Planned start date: - Planned review date: STEP 1 — IDENTIFY THE NEED FOR A DPIA - What is the project trying to achieve? - What types of processing are involved? - Why might the processing result in a high risk to individuals? STEP 2 — DESCRIBE THE PROCESSING - Nature of the processing: - Scope of the processing: - Context of the processing: - Purpose of the processing: - Personal data categories: - Data subject groups: - Data sources and recipients: - Retention period: - Geographic location and international transfers: STEP 3 — CONSULTATION - Internal stakeholders consulted: - Data subjects or representatives consulted: - Reasons consultation was not appropriate, if applicable: - Advice received and actions taken: STEP 4 — NECESSITY AND PROPORTIONALITY - Lawful basis: - How does the processing achieve the stated purpose? - Could the purpose be achieved with less data? - How will data quality and minimisation be maintained? - What information will be provided to individuals? - How will individual rights be supported? - What processor and transfer safeguards apply? STEP 5 — IDENTIFY AND ASSESS RISKS For each risk record: - Risk description: - Source of risk: - Nature of impact on individuals: - Likelihood rating: - Severity rating: - Overall risk level: STEP 6 — IDENTIFY MEASURES TO REDUCE RISK For each measure record: - Risk reference: - Options to reduce the risk: - Effect on risk: - Residual risk level: - Measure approval status: STEP 7 — SIGN OFF AND RECORD OUTCOMES - Measures approved by, position, and date: - Residual risks approved by, position, and date: - DPO advice and whether it was accepted: - Consultation responses reviewed by: - Person responsible for keeping the DPIA under review: - Project sign-off name and title: - Signature and date: - Review date: - Next review date: Akadata Limited — privacy-first delivery, data minimisation, lawful handling, encryption, least privilege, and transparent audit trails.