Visit the Data Protection by Design web page
The Data Protection by Design framework, administered by the University of Oxford Compliance team, is designed to embed data protection into University processes, including research. Any new activity which involves collecting, processing, or otherwise working with personal data should work through the framework. This will help to ensure the rights of individuals are safeguarded, and that the University can meet its obligations under GDPR.
The framework includes an initial screening assessment, designed to determine whether the project is a higher or lower risk one. Depending on the outcome, a further questionnaire (either a DPA or a fuller DPIA) should be completed. This will then need to be signed off by your Head of Department, and (in the case of the DPIA) the University's Data Protection Officer, via the Compliance team. The questions will help you think through what's needed to ensure that personal data is handled appropriately, and the completed documents form an important part of the University's record keeping.
