Data Protection Impact Assessment

Data Protection Impact Assessment (DPIA), i.e. the assessment of the risk associated with processing of personal data should be a process designed to record personal data processing instances, assess the necessity of processing and to help manage the risks related to the rights and freedoms of individuals related to processing of their personal data. In other words, DPIA is the process of building and demonstrating privacy rules compliance.


DPIA reports are important accountability tools as they help data controllers not only be compliant with the GDPR requirements, but also prove that appropriate measures have been taken to ensure compliance.


In other words, DPIA is the process of building and demonstrating GDPR compliance but it can be used to assess the risk of processing personal data for other regulatory domains as well (CCPA in California, PIPEDA in Canada etc.).  Organizations in any regulatory domain should implement risk assessment process to control and mitigate risk related to processing of personal data.


The PrivacyRun system supports the DPIA risk assessment of personal data processing, in accordance with both the simplified and the full process. In the simplified mode, the system will perform majority of the tasks automatically. When choosing the expert method, a comprehensive set of questions and surveys will help the DPO perform the impact assessment.

PrivacyRun DPIA helps DPO:

  • describe the nature, scope, context and purposes of the personal data processing;
  • assess necessity, proportionality and compliance measures;
  • identify and assess risks to individuals; and
  • identify any additional measures to mitigate those risks.

To assess the level of risk, you must consider both the likelihood and the severity of any impact on individuals. The system supports risk assessment in seven main stages of the DPIA process:


  1. General information;
  2. Involved sites;
  3. Reliability and transparency;
  4. Rights management of individuals;
  5. Purpose limitation;
  6. Proportionality, data minimization and storage limitation;
  7. Information Safety.

High risk could result from either a high probability of some harm, or a lower possibility of serious harm. You should consult your DPO and, where appropriate, individuals and relevant experts. If you identify a high risk that you cannot mitigate, you must consult the DPO before starting the processing.


About us

What is PrivacyRun?

Here at PrivacyRun we built our solution with you in mind. Our data privacy platform supports your company’s compliance with local data privacy laws like GDPR and CCPA. We enable you to monitor where and how data is handled, track employee training and keep you up to date on privacy requests – helping you navigate the complex world of privacy compliance from one place.

Let’s talk about your project

    ProService Finteco is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. If you consent to us contacting you and storing your personal data for this purpose, please tick the checkbox below:

    For more information about our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.