Data protection impact assessment

Apr 25, 2022

The importance of data protection for any institution is now clearer than ever, especially in Europe since the General Data Protection Regulation (GDPR) came into effect. According to experts, academics and practitioners, GDPR is a complete guide that safeguards the data of EU citizens and residents processed by both public and private entities.

The Data Protection Impact Assessment (DPIA) is one of the key aspects of GDPR. Its required elements are set out in Article 35(7) and recitals 84 and 90:

  • A description of the envisaged processing operations and the purpose of the processing.
  • An assessment of the necessity and proportionality of the processing.
  • An evaluation of the risks to the rights and freedoms of data subjects.
  • The measures envisaged to:
      1. address the risks
      2. demonstrate compliance with this Regulation

The new Swiss legislation on data protection, which is expected to come into force this year or early next year, also contains a provision on DPIA. Since GDPR does not provide a DPIA template, institutions can create their own based on the points listed above. The template from the UK Information Commissioner’s Office (ICO) seems to be comprehensive. The template is as follows:

1. Identify need for a DPIA
2. Describe the processing
3. Consider consultation
4. Assess necessity and proportionality
5. Identify and assess risks
6. Identify measures to mitigate / eliminate risk
7. Sign off and record outcomes
8. Integrate outcomes into plan
9. Keep under review

Each step can be elaborated further according to the type of institution and its purpose in undertaking a DPIA.


Written by:
Mohammed Rakib-ul-Hassan
Research & Legal Analyst



Zazoon AG
Beethovenstrasse 11
8002 Zurich
