Data Protection Impact Assessment (DPIA) Checklist

A Data Protection Impact Assessment (DPIA) identifies and minimises risks from data processing. It helps you analyse, identify and minimise any data protection risks of a project.

This is part of your accountability obligations under the GDPR. A DPIA should help you determine whether or not the level of risk is acceptable and make sure it is minimised.

What kind of “risk”? There is no explicit definition of ‘risk’ in the GDPR.

Assessing the level of risk involves looking at both the likelihood and the severity of any potential harm and “risks to the rights and freedoms of natural persons”.

There are other website legal pages you need to consider before website launch.

Data Protection Impact Assessment (DPIA)

Description

What is the nature, scope, context and purpose of the data processing?

Understand and Document

Understand and document processing activities and identify risk.

Consultation

Consult individuals, and other relevant parties.

Data Protection Officer

Ask for advice

Necessity

Is the data processing necessary and proportionate to its purpose? How will you ensure compliance with data protection principles?

Objective Assessment

Likelihood or severity of risk to individuals.

Protection

What measures can be put in place to eliminate or reduce high risk?

Decisions

Document the decision-making process, including differing opinions.

Implementation

Implement the measures identified and integrate them into the project plan.

Review DPIA

Review and revisit when necessary.

Additional Information:

Justice and Consumers EU – Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

European Union Law – Protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive
