
Completing all six DPIA steps

Folelse's DPIA workflow guides you through all six steps required by the ICO. Each step must be saved before moving to the next. DPIAs auto-save every 60 seconds.

Step 1 — Screening

Answer the 9 ICO criteria questions with Yes, No, or Skip. Folelse calculates your risk score. If 2 or more criteria are Yes, a full DPIA is recommended. The screening result and your answers are recorded in the DPIA audit trail.

Step 2 — Processing Description

Describe the processing in plain language: what data will be collected, from whom, by what means, and for what purpose. Include the systems involved and the legal basis. This section is often the most scrutinised by DPOs and the ICO, so be thorough.

Step 3 — Necessity and Proportionality

Explain why this processing is necessary — could the purpose be achieved with less data or a less intrusive method? Assess whether the processing is proportionate to the risk and the legitimate aim. Consider alternatives you rejected and why.

Step 4 — Risk Assessment

Identify specific risks to individuals from the processing. For each risk, assess:

  • Risk description — what could go wrong (e.g. "unauthorised access to patient records").
  • Likelihood — Low, Medium, or High.
  • Severity of impact on the individual — Low, Medium, or High.
  • Mitigation measures — what technical or organisational controls reduce the risk.
  • Residual risk after mitigation — the risk level that remains.

Step 5 — DPO Consultation

Tick the confirmation box that your DPO has been consulted and record their advice. If the residual risk remains High after mitigation, you must also consult the ICO before starting the processing (prior consultation under Article 36).

Prior ICO consultation is mandatory when residual risk remains high. The ICO has up to 8 weeks to respond. Do not begin the processing until you receive their response.

Step 6 — Outcome and Approval

Record the outcome: whether processing can proceed, with or without conditions. Enter the approver's name and the date of approval. Set the review date (DPIAs should be reviewed if the processing changes significantly, or at least every 3 years).

Once approved, the DPIA status changes to "Approved" and is locked for editing. If processing changes, create a new version by clicking "Create New Version" on the approved DPIA.
