Record of Processing Activities (ROPAs)

In order to comply with article 30 of the UK General Data Protection Regulation (GDPR) and UK Data Protection Act 2018, the Trust is required to publish a record of its processing activities and to complete Data Protection Impact Assessments (DPIAs). 

DPIA is a process which helps assess privacy risks to individuals and identifies the legal basis for the collection, use and disclosure of information, known as processing. 

All new projects, initiatives and processes that involve using or sharing personal information will require a completed Data Protection Impact Assessment  at the initial stages and prior to any procurement decision being made. All Data Protection Impact Assessments when completed will be submitted to the Data Protection Officer and/or the Information Governance Group for approval.

A summarised copy of our record of its processing activities is shown below.

This document is reviewed monthly by the Trust Information Governance team and will be updated following review on a regular basis.