Scottish Health Survey: data protection impact assessment (DPIA)
Reports on and assesses against any potential privacy impacts as a result of undertaking the Scottish Health Survey.
10. Authorisation and publication
The DPIA report should be signed by your Information Asset Owner (IAO). The IAO will be the Deputy Director or Head of Division.
Before signing the DPIA report, an IAO should ensure that she/he is satisfied that the impact assessment is robust, has addressed all the relevant issues and that appropriate actions have been taken.
By signing the DPIA report, the IAO is confirming that the impact of applying the policy has been sufficiently assessed against the individuals’ right to privacy.
The results of the impact assessment must be published in the eRDM with the phrase “DPIA report” and the name of the project or initiative in the title.
Details of any relevant information asset must be added to the Information Asset Register, with a note that a DPIA has been conducted.
I confirm that the impact of (undertaking the project/applying the policy – add appropriate wording) has been sufficiently assessed against the needs of the privacy duty:
Name and job title of a IAO or equivalent and date each version authorised
Angela Campbell, Head of Health & Social Care Analytical Services – Authorised April 2018
Nicola Edge/Anita Morrison, Heads of Health & Social Care Analytical Services – November 2019
Nicola Edge/Anita Morrison, Heads of Health & Social Care Analytical Service – May 2021
Nicola Edge/Anita Morrison, Heads of Health & Social Care Analytical Service – April 2023
Nicola Edge/Anita Morrison, Heads of Health & Social Care Analytical Service – June 2025