Ms Teresa Kelly
Information Access Team
Via e-mail to:
Communications Directorate
request-553907-
T 020 3461 4878
xxxxxxxx@xxxxxxxxxxxxxx.xxx
F 020 3461 5460
xxxxxxxxx@xxxxxxxxxxxxx.xx.xx
18 March 2019
Please quote ref. CAS-05622-T2V1S6 on all
correspondence
Dear Ms Kelly
Thank you for your email of 20 February in which you ask for access to the following under the Freedom
of Information Act 2000 (‘FoI Act’):
‘…a copy of your ful GDPR Data Protection Impact Assessment (DPIA)
questionnaire/assessment/template. It can be blank with no responses included so there is no
concern with any sensitive data being released. This request should include any preliminary
questions or any questions/mechanism for determining if a DPIA is required to be completed.
Please also confirm the number of DPIA's that have been completed since May 2018.’
Please find enclosed a copy of the Bank of England’s (the ‘Bank’s’) GDPR Data Protection Impact
Assessment (‘DPIA’) template.
I can confirm that the Bank has completed four DPIAs during the period 25 May 2018 to 20 February 2019
(the date of your request).
Yours sincerely
Heena Rabadia
Information Access Team
Your right to complain under the FoI Act
If you are unhappy with the Bank’s response, you may ask for that decision to be reviewed internally. Please note that this will be
subject to the Bank having received your submission within two months of the date of this response. In order to submit an internal
review, please set out the grounds for your appeal and send it to Wendy Galvin, Information Access Team (TS-Mz), Communications
Directorate, Bank of England, Threadneedle Street, London, EC2R 8AH or by email to xxxxxxxxx@xxxxxxxxxxxxx.xx.xx for the
attention of Wendy Galvin.
If you are not content with the outcome of the internal review, you have the right to apply directly to the Information Commissioner for
a decision. The Information Commissioner can be contacted at The Information Commissioner’s Office, Wycliffe House, Water Lane,
Wilmslow, Cheshire, SK9 5AF.
Privacy notice
When you contact us, the Bank collects information about you. This includes your name, contact details and anything you choose to
disclose in your correspondence.
We collect your personal data to assess your request and prepare our response to you. Our basis to process this data is that it is
necessary for us to satisfy a legal obligation.
Bank of England, Threadneedle Street, London EC2R 8AH T +44 (0)20 3461 4444 www.bankofengland.co.uk
2
We will keep your personal data for 10 years. You can request that we no longer use your personal data, by contacting us via the
website link below.
You have a number of rights under data protection laws, for example you have the right to ask us for a copy of the personal data the
Bank holds about you. This is known as a ‘Subject Access Request’. You can ask us to change how we process or deal with your
personal data, and you may also have the right in some circumstances to have your personal data amended or deleted. To find out
more about those rights, complaint, or to contact our Data Protection Officer, please see our website at
www.bankofengland.co.uk/privacy