A Data Protection Impact Assessment (DPIA) is essentially a risk assessment that needs to be carried out before you begin any type of processing that is likely to result in a high risk to the rights and freedoms of individuals.
Within the GDPRiS RoPA area you can generate DPIA templates, including screening questions, compact, and full versions.
How to Choose and Complete the Right Data Protection Impact Assessment (DPIA)
When handling personal data, it’s important to determine whether you need to complete a Data Protection Impact Assessment (DPIA) and, if so, which type is appropriate for your situation. This guide will walk you through the three main types of DPIAs and help you choose the right one for your needs.
1. Screening Questions DPIA
Purpose:
Use this type when you're uncertain whether a full DPIA is required.
How to Use:
- Complete the form by answering the screening questions provided.
- The questions will help you assess whether your data processing activity poses any risks that would necessitate a full DPIA.
- By the end of the form, it will be clear if you need to proceed with a more detailed DPIA.
When to Choose This Type:
- If you’re unsure about the potential impact of your data processing.
- When you need guidance to decide if further assessment is necessary.
2. Compact DPIA
Purpose:
This is ideal when you believe a full DPIA isn't necessary, but you want to document that you've considered the need for one.
How to Use:
- Fill out the compact DPIA form, which is a brief and straightforward assessment.
- This form allows you to quickly evaluate and record the consideration of privacy impacts without the need for a full DPIA.
When to Choose This Type:
- When the data processing is minimal and doesn’t involve sensitive information.
- If you want to demonstrate that you’ve thought about data protection impacts, even if a full assessment isn't required.
3. Full DPIA
Purpose:
This type is used when you know a DPIA is necessary, particularly for large-scale data processing or handling special category data.
How to Use:
- The full DPIA is detailed and spans 30 pages, but don’t be intimidated. The length is due to the inclusion of comprehensive guidance.
- Follow the step-by-step instructions provided, which include examples, suggested responses, and common risks with mitigations.
- This thorough approach ensures you cover all aspects of data protection and risk management.
When to Choose This Type:
- For projects involving significant amounts of personal data.
- When processing special category data, such as health information or other sensitive data.
- In cases where the data processing could significantly impact individuals’ privacy.