One legal requirement introduced by the GDPR is the obligation to conduct DPIAs for ‘high-risk’ processing activities.
Schools and trusts are likely to need DPIAs for projects such as implementing a new management information system, using software that uses biometric data and gathering health information for their COVID-19 response.
This paper explains exactly what DPIAs are, why and when you need to conduct them, and offers a straightforward approach that you can tailor to your needs.