Open navigation
Search
Search
All expertise
Explore our breadth of expertise.
International Desks
Helping you access overseas markets with support from our country and region-specific experts
Sectors View all
Practice Areas View all
Offices
Discover the scope of our presence in the jurisdiction.
Global Reach
Learn about our capabilities beyond borders.
CMS United Kingdom
All insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Topics in focus View all
Insights by type
CMS Spotlight: join our events and webinars!
CMS News
Stay up to date with our growth, evolution and our many successes.
CMS Press Office
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Legal Update

ICO publishes Code of Practice and template for Privacy Impact Assessments

27 Feb 2014 United Kingdom 2 min read

Key contact

  • Claire Walker
    London

    Claire Walker

    Head of Client Training

This article was produced by Olswang LLP, which joined with CMS on 1 May 2017.

The ICO has just published its code of practice on conducting privacy impact assessments (PIAs), following a consultation last year. Although PIAs are not yet mandatory, they are regarded by the ICO as a helpful tool in identifying and reducing risk in systems and processes which involve personal data. The Code provides generic guidance on conducting a PIA and a very high level template and questions. The ICO suggests that organisations use the guidance to develop bespoke PIAs. Whether or not PIAs do eventually become mandatory under the proposed EU GDPR, it makes sense to risk assess significant new projects. With data security still top of the agenda, and the supply chain only as strong as its weakest link, PIAs are particularly important when selecting and contracting with suppliers who will process data on an organisation's behalf. The 49 page Code is available on the ICO website here

More insights
Cyber TMT - Technology, Media & Telecommunications Public Procurement Data Protection & Freedom of Information Employment, Labour & Pensions Employee Incentives Pensions Dispute Resolution

Explore more

Expert Guide International

Data protection and cybersecurity laws in the United Kingdom

38 min read
Publication United Kingdom

Cyber risk management for senior leadership teams

02 Oct 2025 1 min read
Event United Kingdom

CMS Update Morning: Media, Sports and Entertainment

29 Apr 2026
Back to top Back to top
You will now find all Law-Now content on CMS.law
Explore more
Law-Now, RegZone, LEXplicite and Blogtt have moved to CMS.law. Law-Now has moved to CMS.law. RegZone has moved to CMS.law. LEXplicite has moved to CMS.law. Blogtt has moved to CMS.law.
Learn more Learn more Learn more Learn more
If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.