Scribd
Upload
258 views

Defradar - Data Protection Impact Assessment Questionnaire

This document provides a questionnaire template for conducting a data protection impact assessment (DPIA) as required by the European Union's General Data Protection Regulation (GDPR). The DPIA questionnaire covers key details about the project such as name and description, the reason for conducting the assessment, and the scope, personal data involved, how the data will be obtained, processed, stored, retained, transferred, and who will have access to it. Completing the questionnaire helps identify and minimize privacy risks to individuals from the processing of their personal data.

Uploaded by

Jakobović Domagoj
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
258 views

Defradar - Data Protection Impact Assessment Questionnaire

This document provides a questionnaire template for conducting a data protection impact assessment (DPIA) as required by the European Union's General Data Protection Regulation (GDPR). The DPIA questionnaire covers key details about the project such as name and description, the reason for conducting the assessment, and the scope, personal data involved, how the data will be obtained, processed, stored, retained, transferred, and who will have access to it. Completing the questionnaire helps identify and minimize privacy risks to individuals from the processing of their personal data.

Uploaded by

Jakobović Domagoj
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Data Protection Impact Assessment Questionnaire

This form should be used to record the key information about a data protection
impact assessment (DPIA) which may be required under the provisions of the
European Union General Data Protection Regulation (GDPR).

Project Details

Project name: <Name>

Project reference: <Website link or internal reference (intranet) could be


added here>

Project description:
Here you need to include a brief description of the project
as well as part of the objectives or the most important ones

Reason for data protection impact assessment

Please select the reason why a DPIA is appropriate:

☐ information about living individuals will be collected and processed for the
first time

☐ information about living individuals will be shared with people or


organizations that previously did not have access to it

☐ change of use of existing personal data

☐ the use of new technology that collects or uses data of a personal nature
e.g. biometrics

☐ existing personal data will be used to reach decisions as part of an


automated process

☐ it might reasonably be expected that an individual may find any aspect of


the project intrusive or the data involved private

☐ Other
Scope of the DPIA

Define the scope of DPIA in terms of:

 geographical location (ex. Country, or headquarter location)


 Internal departments
 Business workflow or process
 IT services, systems and networks
 Clients, offers, products, buyings, services etc

Personal data involved

[Describe the data items to be stored and processed. You may also use the Personal
Data Flow Mapping Tool to supplement your description]

How will the data be obtained?

[Include whether the data will be obtained directly from the data subject or indirectly
from a third party]

How will the data be processed?

[What will the data be used for? Will it be processed internally or by one or more
third parties?]
What are the retention timescales of the data?

[How long will the data be kept for and why?]

How will the data be stored?

[Where will it be stored and what controls will it be subject to e.g. encryption at rest?]

Are there any other possible future uses of the data?

[Is it likely that the data will be used for purposes other than those for which it is
collected and if so, what?]

Where will the data be transferred to and under what circumstances?

[Will the data be sent to other locations or third parties in other countries? If so, what
would trigger the transfer and why?]
Who will have access to the data and how?

[Who within the organization and who externally will be able to access the data and
what controls will be in place to manage this?]

Signature:

Name:

Date:

Once completed, this form should be submitted via email to


….<[email protected]>

You might also like