Using the ICO's DPIA template we've created a DPIA that you can use to support your internal assessment requirements.
How to use this template
In most instances, you should be able to copy and paste the relevant information into your own DPIA using the information below.
Wording contained in [brackets] is information that you will need to populate that is relevant to your organisation's post.
This article covers both our Send and Receive services.
For our data processing agreement please see Clause 10, in our Terms.
Step 1: Identify the need for a DPIA
Explain broadly what the project aims to achieve and what type of processing it
involves. You may find it helpful to refer or link to other documents, such as a
project proposal. Summarise why you identified the need for a DPIA.
For Send services
- Our organisation has the requirement to outsource/digitise the sending of our outbound post to achieve [cost savings/digitisation of post/posting while working remotely]
- The letters that we are posting may contain Personally Identifiable Information (PII) such as [the Data Subject's name and address] and [any other data contained in your Postal Items]
- Postworks, the third party, will be receiving digital files from our organisation, printing and posting them, and providing an online archive with digital date and time stamp of postage.
- A DPIA is required because a third-party will be processing Personal Data that we hold for the purposes of posting our communication.
For Receive services
- Our organisation has the requirement to outsource/digitise the receiving of our inbound post to achieve [cost savings/digitisation of post/receiving post while working remotely]
- The letters that we are receiving may contain Personally Identifiable Information (PII) such as [the Data Subject's name and address] and [any other data contained in the items sent to us]
- Postworks, the third party, will be receiving physical letters addressed to our organisation, opening and scanning them, and providing an online archive with digital date and time stamp of date of receipt and scan.
- A DPIA is required because a third-party will be processing Personal Data for the purposes of providing us our inbound post digitally.
Step 2: Describe the processing
Describe the nature of the processing:
- How will you collect, use, store and delete data?
- What is the source of the data? Will you be sharing data with anyone?
- You might find it useful to refer to a flow diagram or another way of describing data flows. What types of processing identified as likely high risk are involved?
For Send services
- For the purposes of processing our post, our [type of] data will be shared with Postworks.
- All sharing will take place using Postworks supplied software, so that our data is encrypted on transfer
- For the purpose of data security and this sample DPIA, Postworks assumes each Postal Item contains Personal Data, even if it does not.
Process | Purpose |
Collection | Postworks collects the Recipient name and address and any other Personal Data (from now on referred to collectively as "PII") contained in the PDF when a Postal Item is submitted via our platform. |
Recording | A copy of the Postal Item and any contained PII is held on Postworks Servers |
Organisation and Structuring | The Postal Item is assigned a Unique Reference Number (URN) and is linked to the Sender and the date/time of upload. The data is Organised so that an End User can Retrieve digital copies of the letter by searching the archive (see Retrieval). |
Adaptation or alteration | The Recipient address may be adapted or altered by Postworks to improve the address quality. |
Retrieval | The Recipient name, postcode and any Personal Data that may be contained in the filename, can be searched against for the purpose of retrieving a copy of the document via our platform. |
Use | Other than for the purpose of providing an online archive, PII is not used by Postworks. |
Disclosure by transmission | Postworks receive your Postal Item and any PII contained within via encrypted transfer using our software. |
Dissemination (or otherwise making available) | Per the Retrieval, the Postal Item and any PII can be made available to Postworks digitally, if the End User wants to, via the "Share with Support" function. Otherwise, the Postal Item and any PII are printed and inserted using production equipment for hand over to our Delivery Partner. |
Erasure or destruction | After 365 days the Postal Item and any PII is securely deleted from Postworks servers. |
For Receive services
- For the purposes of processing our post, our [type of] data will be shared with Postworks.
- Physical Postal Items will be opened and scanned
Process | Purpose |
Collection | Postworks collects the Sender name and any other Personal Data (from now on referred to collectively as "PII") contained in the physical letter when a Postal Item is received by Postworks. |
Recording | A copy of the Postal Item and any contained PII is held on Postworks Servers in digital format. A physical copy of the original is held for up to sixty (60) days in the event that our organisation requires a copy of the original. |
Organisation and Structuring | The Postal Item is assigned a Unique Reference Number (URN) and is linked to the Sender and the date/time of scanning. The data is Organised so that an End User can Retrieve digital copies of the letter by searching the archive (see Retrieval). |
Retrieval | The Sender name and any Personal Data that may be contained in the filename, can be searched against for the purpose of retrieving a copy of the document via our platform. |
Use | Other than for the purpose of providing an online archive, PII is not used by Postworks. |
Disclosure by transmission | Postworks receive your Postal Item and any PII contained within. |
Dissemination (or otherwise making available) | Per the Retrieval, the Postal Item and any PII can be shared with other users in our Organisation via the Postworks platform. A date/time stamp of the End User accessing the Postal Item and any PII is recorded. |
Erasure or destruction | After a maximum of 365 days the digital Postal Item and any PII is securely deleted from Postworks servers. After 60 days the physical Postal Item and any PII is securely destroyed. |
Describe the scope of the processing:
- What is the nature of the data, and does it include special category or criminal offence data?
- How much data will you be collecting and using? How often?
- How long will you keep it?
- How many individuals are affected?
- What geographical area does it cover?
For Send services
- The categories of data contained in our Postal Items are [e.g. data subject's name, date of birth, address, medical history, test results, sensitive personal data]
- The data will be kept in Postworks online archive for a maximum of 365 days or less. The data retention period can be reduced if we require it.
- Our organisation posts approximately [number] of letters per month across all of our [UK] customer base.
For Receive services
- The categories of data contained in our Postal Items are [e.g. data subject's name, date of birth, address, medical history, test results, sensitive personal data]
- The physical copies of the Postal Items will be kept in Postworks archive for a maximum of 60 days or less.
- Our organisation receives approximately [number] of letters from [these locations] per month.
Describe the context of the processing:
- What is the nature of your relationship with the individuals?
- How much control will they have?
- Would they expect you to use their data in this way?
- Do they include children or other vulnerable groups?
- Are there prior concerns over this type of processing or security flaws? Is it novel in any way?
- What is the current state of technology in this area?
- Are there any current issues of public concern that you should factor in?
- Are you signed up to any approved code of conduct or certification scheme (once any have been approved)?
For Send services
- Our organisation will be the Data Controller and Postworks will be the Data Processor.
- Our customers expect to receive postal communication about the [services/products] that we provide as part of our [agreement with/service provided to] them.
- If any of the Recipients wish to know what information is stored about them, they will be able to make a Subject Access Request to Postworks, who will be able to provide copies of any communication sent to them, provided that they are listed as the Recipient on the first line of the address.
- Postworks is ISO27001 certified
- All communication between end-users and PostworksHUB™, Postworks API, Postbox for Windows™, PostboxServer™ and PostboxPrint™ is encrypted through their SSL certificates, which use RSA 4096 and 2048 bit keys.
- Further to this, all internal communication between Postworks APIs and resources is done through the same SSL encryption mechanism, so that no information is exchanged unencrypted.
- These items and other physical data (e.g. misprints and reprints) are securely shredded on-site using industrial micro-cut shredders compliant with ISO 9001 / BS EN 15713.
- Data processing particulars are included in the terms.
For Receive services
- Our organisation will be the Data Controller and Postworks will be the Data Processor.
- Our customers expect to send us postal communication about the [services/products] that we provide as part of our [agreement with/service provided to] them.
- If any of the Senders wish to know what information is stored about them, they will be able to make a Subject Access Request to Postworks, who will be able to provide copies of any communication received by them, provided that they are listed as the Sender.
- Postworks is ISO27001 certified
- All communication between end-users and PostworksHUB™, Postworks API, Postbox for Windows™, PostboxServer™ and PostboxPrint™ is encrypted through their SSL certificates, which use RSA 4096 and 2048 bit keys.
- Further to this, all internal communication between Postworks APIs and resources is done through the same SSL encryption mechanism, so that no information is exchanged unencrypted.
- These items and other physical data (e.g. original Postal Items) are securely shredded on-site using industrial micro-cut shredders compliant with ISO 9001 / BS EN 15713.
- Data processing particulars are included in the terms.
Describe the purposes of the processing:
- What do you want to achieve? What is the intended effect on individuals?
- What are the benefits of the processing for you, and more broadly?
For Send services
- Our organisation wishes to [reduce costs, reduce paper handling, reduce paper waste, work remotely, digitise processes]
- There is no intended effect on individuals, however, we believe that they will be provided a better service as a result of our organisation being able to [post faster, more cost effectively, have proof of postage, show that we have provided our service, delivered information to them more quickly]
- We will benefit from being [more efficient, realising cost savings, working remotely, accessing our information digitally, always being able to post regardless of our location]
For Receive services
- Our organisation wishes to [reduce costs, reduce paper handling, reduce paper waste, work remotely, digitise processes]
- There is no intended effect on individuals, however, we believe that they will be provided a better service as a result of our organisation being able to [receive post faster, more cost effectively, receive information more quickly]
- We will benefit from being [more efficient, realising cost savings, working remotely, accessing our information digitally, always being able to receive and action regardless of our location]
Step 3: Consultation process
Consider how to consult with relevant stakeholders:
- Describe when and how you will seek individuals’ views – or justify why it’s not appropriate to do so. Who else do you need to involve within your organisation?
- Do you need to ask your processors to assist? Do you plan to consult information security experts, or any other experts?
- We will work with [our information security consultant, IT, end users] to deliver this project.
- We will review and check Postworks':
Step 4: Assess necessity and proportionality
Describe compliance and proportionality measures, in particular:
- What is your lawful basis for processing?
- Does the processing actually achieve your purpose? Is there another way to achieve the same outcome?
- How will you prevent function creep? How will you ensure data quality and data minimisation?
- What information will you give individuals? How will you help to support their rights?
- What measures do you take to ensure processors comply? How do you safeguard any international transfers?
For Send services
- By Postworks processing the data, and posting the letters on our behalf, we will achieve our goal of [cost savings/digitisation of post/posting while working remotely]
- We will only be sharing data with Postworks that requires processing for posting purposes
- Postworks systems are GDPR compliant and a data processing agreement will be in place (see our Terms for the data processing particulars)
- Processing the post in-house will not provide the option of [cost savings/digitisation of post/posting while working remotely]
For Receive services
- By Postworks processing the data, and receiving the letters on our behalf, we will achieve our goal of [cost savings/digitisation of post/posting while working remotely].
- We will only be sharing data with Postworks that requires processing via our inbound post.
- Postworks systems are GDPR compliant and a data processing agreement will be in place (see our Terms for the data processing particulars).
- Processing the post in-house will not provide the option of [cost savings/digitisation of post/posting while working remotely]
Step 5: Identify and assess risks
Describe the source of risk and nature of potential impact on individuals. Include associated compliance and corporate risks as necessary. | Likelihood | Severity | Overall risk |
Data intercepted during transfer | Unlikely | [low, medium, high] | |
Data accessed while being stored | Unlikely | [low, medium, high] | |
Letter sent to incorrect recipient | Rare | [low, medium, high] | |
Proof of postage is required/audit/compliance requirement | Highly likely | [low, medium, high] | |
Customer does not receive post | Rare | [low, medium, high] | |
Unauthorised employee accesses/views post | Rare | [low, medium, high] |
Step 6: Identify measures to reduce risk
Risk | Options to reduce or eliminate risk | Effect on risk | Residual risk | Measure approved |
Data intercepted during transfer | 256-bit encryption on transfer using Postworks software | |||
Data accessed while being stored | Firewalls, weekly patching and security updates, encryption | |||
Letter sent to incorrect recipient | 2D barcode technology reconciling each sheet of paper into each envelope | |||
Proof of postage is required/audit/compliance requirement | Digital date and time stamp of upload and reconciliation of handover to Delivery Partners | |||
Customer does not receive post | Digital date and time stamp of upload and tracking to handover | |||
Unauthorised employee accesses/views post | User permission levels can be set to restrict access |
Got more questions?
You can contact us on support@postworks.co.uk