50.
(1) Where a data protection impact assessment is required, a data controller or data processor may conduct the assessment through a template set out in the Third Schedule.
(2) Despite sub-regulation (1), a format of the data protection impact assessment may be varied by the Data Commissioner through guidance notes as may be issued from time to time.
