Class Three: What our priorities are and how we are doing

Class three includes information on:

Targets, aims and objectives

Performance against targets/ key performance indicators (KPI)/ performance management information

Performance, Finance and Information Governance Committee

Quality and safety reports

Quality, Safety and Experience Committee

Annual Governance Statements

Annual Governance Statements

Caldicott Principles in Practice (C-PIP) & NHS Wales Information Governance Toolkit

Prior to August 2021 these reports were presented to the Digital and Information Governance Committee

From 2021 onwards the IG toolkit has replaced C-PIP and an annual report is presented to the Performance, Finance and Information Governance Committee

Audit reports

These reports are presented to the Audit Committee

Service user surveys

Get Involved - Betsi Cadwaladr University Health Board

Data Protection Impact Assessments (DPIAs)

A DPIA is a tool which helps identify and minimise the data protection risks of a project. It is a statutory requirement for data processing that is likely to result in a high risk to individuals. This includes some specified types of processing. DPIAs are an integral part of taking a privacy by design approach.

An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation, which might otherwise occur.

The Information Commissioner's Office (ICO), which is the UK regulator for Data Protection legislation, encourages organisations to ensure that privacy and data protection is a key consideration in the early stages of any project, and then throughout its lifecycle. For example when:

building new or upgrading existing IT systems for storing or accessing personal data;
developing legislation, policy or strategies that have privacy implications;
embarking on a data sharing initiative; or
using data for new purposes.