DPIA Screening: Debt Management Policy
A Data Protection Impact Assessment (DPIA) is a process to help you systematically and comprehensively analyse your personal data processing and help you identify and minimise any data protection risks of a project.
You must do a DPIA before you begin any type of personal data processing that is “likely to result in a high risk.”
This set of screening questions will help you decide whether a DPIA is necessary.
Please note, if there is a change to the nature, scope, context or purposes of your processing you will be required to complete this screening template again.
You will be accountable for the screening decisions you make.
Therefore, it is critical that you document via “Explanatory Notes” the screening decisions you have made, providing logical reasons regarding whether to do a DPIA or not.
Section A - Project Details
| Title of Project, Plan or Policy |
Debt Management Policy |
|---|---|
| Is this an existing, revised or new project? |
Revised |
|
What is the purpose of the project, plan or policy? e.g. intended aims or outcomes Include any relevant background information here |
The purpose of this policy is to set out the Council’s approach for effective management and recovery of debt, ensuring that all income owed is pursued in a timely, consistent, and fair manner. It sets out the framework within which debt will be monitored and recovered, supporting the Council’s responsibility to safeguard public funds and maintain financial stability. |
| Which MEABC Department owns or holds responsibility for this project, plan or policy? | CSS - Finance |
Section B
| Does this project, plan or policy involve the processing of personal data? |
Yes |
|---|---|
If the answer to this question is ‘No’, you do not need to conduct a DPIA. Please proceed straight to Section E. |
Section E: Findings
Is a DPIA required? No
Note: Data Protection legislation and Information Commissioner’s Office guidance state that you should seek your Data Protection Officer’s advice when you need to do a Data Protection Impact Assessment.
Has a DPIA been recommended? No
You may wish to conduct a DPIA even if the screening indicates that one is not required. A DPIA is a useful tool to consider any impacts and/or risks involved in processing personal data.
Final Comments
Customer details including name, address, email address, telephone number and bank details where applicable, are stored within the finance system TECH1, used by MEABC.
These details are used by the Sales Ledger Department to issue invoices, statements and where necessary payment reminder letters to the customer.
The bank details are only stored on a customers account for those for customers paying via direct debit.
Access to customer details are restricted to those working within the Sales Ledger Department, Senior Finance Managers and Accountants within the finance team. – Treasury Accountant.
This screening has identified one form of high-risk processing ‘denial of access’ i.e. personal information is held on record within TechOne system to allow a decision to be made to either deny or grant access to customers.
A full DPIA specific to Debt Management is not necessary based on the rest of the answers indicating no other forms of high-risk processing take place.
However, it is recommended that this should be factored within the overarching TechOne DPIA which is currently being drafted or within a DPIA specific to the Finance Departments’ use of TechOne. – Information Governance Officer.
| DPIA Screening undertaken by: | TREASURY ACCOUNTANT |
|---|---|
| Date Completed: |
10 March 2026 |
| DPIA Screening approved by: | Assistant Director – Finance |
|---|---|
| Date Completed: |
23 March 2026 |