A new obligation introduced by the GDPR is the Data Protection Impact Assessment (DPIA) (Article 35). A DPIA is a tool used to map out the privacy risks of systems and processings and to document the measures taken to reduce the risks. A data controller must assess the impact of a proposed processing if it poses an increased risk to the data subject.
Privacy Company has developed its own DPIA model, based on best practice. Use our DPIA model to assess and weigh the risks of Processings, or upload and attach DPIAs you performed earlier using your own DPIA model.
We use a clear survey with close-ended questions where possible. The questionnaire is divided into several steps in order to make the entire assessment more manageable. The DPIA can be linked to a specific processing form the Inventory module. This way, for all your high-risk processings, you can demonstrate that you have assessed the risks it poses to the data subjects and sufficient measures that you have taken in order to reduce these risks.