Folelse

Product

Features Live Demo Pricing Roadmap

NHS & Compliance

DSPT Guidance NHS Data Guide ICO Resources Free DPA Template

Resources

Blog Resource Hub FAQ

Company

About System Status
Support
Log in Get started free

Help Centre

DPIAs 4 min read

Managing, reviewing, and versioning DPIAs

DPIAs are living documents. They must be reviewed whenever the underlying processing changes, and should be reviewed periodically even if nothing has changed (the ICO recommends at least every 3 years).

DPIA status meanings

  • Screening — the screening questionnaire is in progress.
  • In Progress — screening complete; the full DPIA is being written.
  • Approved — the DPIA has been signed off. The record is locked.
  • Not Required — screening confirmed a DPIA is not needed. The screening record is retained as evidence.
  • Overdue — the review date has passed and the DPIA has not been reviewed.

What triggers a mandatory review

  • The purpose of processing changes.
  • New systems or suppliers are introduced.
  • The volume or categories of data processed change significantly.
  • A data breach or near-miss occurs related to this processing.
  • Relevant legislation or ICO guidance changes.
  • The DPIA review date is reached.

How to create a new version of an approved DPIA

  1. 1 Open the approved DPIA.
  2. 2 Click "Create New Version".
  3. 3 The previous version is archived automatically.
  4. 4 A new editable DPIA is created, pre-populated with the previous version's answers.
  5. 5 Update the relevant sections and complete the approval workflow again.

Need more help with this?

Contact support

Related articles

When is a DPIA legally required? 4m Completing all six DPIA steps 8m
Back to DPIAs