Amy-Term
Data Protection Impact Assessment (DPIA) Template
Template for Amy-Term deployments (terminology management + federation distribution). Complete and store this document within your organisation’s DPIA register.
Document control
Processing description
Necessity & proportionality
Stakeholders
Risk methodology
Risks & mitigations
Privacy by design
Residual risk & decision
Default scope statement: Amy-Term is not intended to store patient clinical records.
Any patient data processing is out of scope unless explicitly enabled and assessed.
1. Document control
| DPIA reference | [DPIA-ID] |
|---|---|
| System / service name | Amy-Term (Terminology platform) |
| Deployment environment | [DEV / QA / PROD] |
| Organisation (Controller) | [Controller legal entity] |
| Prepared by | [Name, role] |
| DPO / privacy contact | [Name, email] |
| Security contact | [Name, email] |
| Version | [v1.0] |
| Date | [YYYY-MM-DD] |
| Status | [Draft / Approved / Superseded] |
Print-friendly: use your browser print function to export to PDF.
Outcome summary
Overall risk: [Low / Medium / High]
Set after assessing risks and mitigations below.
Decision: [Proceed / Proceed with conditions / Do not proceed]
Record approvals and required actions before go-live.
Consult supervisory authority? [Yes / No]
Required if high residual risk remains after mitigations (GDPR Article 36).
Approvals
| Role | Name | Date | Decision |
|---|---|---|---|
| Controller owner | [Name] | [YYYY-MM-DD] | [Approve/Reject] |
| DPO (if applicable) | [Name] | [YYYY-MM-DD] | [Approve/Reject] |
| Information security | [Name] | [YYYY-MM-DD] | [Approve/Reject] |