Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

[DRAFT] DPIA Request Handling Guidance - Internal

Use this article when a customer, prospect, hospital, or internal stakeholder asks for a DPIA, asks Proximie to complete a DPIA template, or requests privacy information for an internal review. The goal is to make sure requests are handled consistently, only approved customer-facing material is shared, and non-standard requests are routed to the correct reviewer.

Step 1: Collect the minimum required information

Before responding, collect the following:

  • customer / prospect name
  • related account, opportunity, or workspace
  • whether this is for Surgical Suite, Intelligence Suite, or both
  • deadline requested by the customer
  • whether the customer has sent their own DPIA template or questionnaire
  • country / region of the requester
  • whether this is part of renewal or it's a new customer
  • any internal urgency or commercial context
  • any existing NDA or contractual status, if relevant to your process
  • any contractual data retention period

Step 2: Acknowledge the request

  • confirm receipt
  • make sure you have the customer's template if they have one
  • set expectations on timeline

Do not promise a turnaround until scope is clear. Prioritize based on urgency.

Step 3: Ticket creation on HubSpot

All DPIA requests should be sent through the official IG channel which is the ig-support@proximie.com mailbox. Once the request is received and the information is collected, we nee to create a ticket on HubSpot:

  1. Forward the email to internalsupport@proximie.com, this will automatically create a case on HubSpot
  2. Change the pipeline to IG request
  3. Add all the information collected to the existing fields, make sure all fields are filled
  4. Change the status of the case accordingly

Step 4: Filling out the DPIA

  • Take a first pass on the document and complete all the known parts with confirmed information
  • Use Pax to answer any questions you weren't able to answer on the first pass, only use information that come from our documentation
  • Make a list of the remaining unanswered questions to review with the relevant teams
  • Send back the DPIA to our DPO (david.stone@kdpc.uk and cc dpo.proximie@kdpc.uk) for him to complete/review all sections related to data protection.
  • Finalize the document and make sure the wording is correct
  • Send back to the requestor to share with the client

Step 5: What can be shared

Only share:

  • approved customer-facing DPIA material
  • approved customer-facing privacy / IG summaries
  • approved supporting documents and certifications stored in the agreed source of truth
  • approved standard wording for Surgical Suite / Intelligence Suite where available

Source of truth

Use only the latest approved version from:

Do not use locally saved copies, email attachments, or outdated documents.


Step 6: What must not be shared

  • draft DPIAs
  • outdated documents
  • documents labeled draft, internal, or review only
  • unapproved wording created manually in an email
  • legal or compliance statements that have not been reviewed
  • any document unless you are sure it is customer-facing and current