DPIA timeliness

Dear Clara

I am writing to acknowledge receipt of your request for information under
the Freedom of Information Act (FOIA).

Your request is receiving our attention and you will hear from us again
within 20 working days at the latest.

Yours sincerely

Freya Austin

Freya Austin | Information Rights Assistant,

Information Rights, University Secretary’s Office

The Open University, Level 5, Charles Pinfold Building, Walton Hall,
Milton Keynes, MK7 6AA
Email: [1][Open University request email]  

[2]rule.png

[3]Freedom of Information Publication Scheme

show quoted sections

Dear Clara,

Thank you for your request under the Freedom of Information Act (FOIA)
dated 5^th May 2023 relating to DPIAs.

Information Provided

I can confirm that the Open University partly holds the information which
constitutes information falling within the scope of your request. Please
see the response to your request highlighted below in blue:

1. Does your university have a KPI for DPIAs and DPQs?

The University does not hold this information. The University has not
implemented a Key Performance Indicator (KPI) in respect of DPIAs ( Data
Protection Impact Assessments -a UK GDPR mandated tool for assessing
privacy risks) and DPQs (Data Protection Questionnaires - an ancillary
tool for assessing privacy risks) . However the University has in place a
comprehensive system for implementing the UK GDPR driven principles of
data protection by design and default: tailored pro forma Data Impact
Assessments  and Data Protection Questionnaires are provided for all
staff, and a data protection standard has been published which specifies
how and when the assessment tools of DPIAs and DPQs should be employed to
identify and mitigate against privacy risks.

2. How many DPIAs and DPQs have been submitted in the last year?

235

3. How many of these were responded to outside the KPI?

The University does not hold this information- a KPI is not applied by the
University.

4. In line with article 30 how many times has the DPO been informed of the
delay in response?

The University does not hold this information, but the Data Protection
Officer (DPO)  has a pivotal role in the application of the principles of
data protection by design and default and the application of DPIAs and
DPQs as effective privacy assessment tools.

Intellectual Property Rights

This information provided in response to the FOIA will be subject to
copyright protection. In most cases the copyright will be owned by the
Open University.  The copyright in other information may be owned by
another person or organisation, and this will be indicated on the
information itself. You are free to use any information supplied for your
own non-commercial use or private study purposes.  The information may
also be used for any other purpose allowed by a limitation or exception in
copyright law, such as news reporting.  However, any other type of re-use,
for example by publishing the information in analogue or digital form,
including on an online format, will require the permission of the
copyright owner.

Review

If you have any concerns about the way the University has observed the
provisions of the Freedom of Information Act you may apply for your
request to be reviewed.  Freedom of Information Reviews are considered by
the University Secretary or his delegate.  Your request must be submitted
within 40 working days of receipt of this letter/email. Reviews should be
addressed to the above [1]inbox, entitled “FOIA Review”, and should set
out the reasons for the review.   You will have a further right of appeal
to the [2]Information Commissioner’s Office.

Kind regards

[3]The Open University logo

Danielle Pyper (she/her), Information Rights Co-Ordinator
Information Rights Team, University Secretary’s Office

[4]+44 (0)1908 332825
[email address]
[5]open.ac.uk
The Open University, Walton Hall, Milton Keynes, United Kingdom, MK7 6AA

References

Visible links
1. mailto:[email address]
2. https://ico.org.uk/
4. file:///tmp/tel:/+4401908332825/
5. The Open University website
http://www.open.ac.uk/