We've detected that Javascript is not enabled. It is required for an optimal survey taking experience.
Please check your browser's settings and make sure Javascript is turned on. Learn how to enable Javascript.

Skip survey header

DP Assessment Tool – Data Protection Impact Assessments

Article 20 – Data Protection Impact Assessments

A question all organisations, whether Controller or Processor, must ask themselves on a regular basis is whether a Data Protection Impact Assessment must be conducted for certain Processing activities, projects, etc. This assessment tool sets out the considerations necessary to determine your company’s obligations under Article 20 of the DP Law 2020, and helps you to understand what it may need to do to comply.

1. Does your business conduct High Risk Processing Activities?
If you are unsure, please complete a High Risk Processing Activity Assessment and provide your answer accordingly before completing the rest of this assessment. *This question is required.

2. Do your company’s Processing operations lead to a high risk to Data Subject rights (even if it is not a High Risk Processing Activity)? *This question is required.

3. Are you engaging in or considering engaging in Processing related to automated or semi-automated systems, machine learning, or generative technology such as AI? *This question is required.

Has a single assessment already been conducted by another member of your Group which i) remains current and accurate ii) relates to substantially the same Processing and iii) which can be relied upon as complete and applicable to this entity’s / affiliate’s Processing operations? *This question is required.

Has a DPIA already been conducted for legal bases related to compliance with Applicable Laws or for regulatory purposes, powers or functions as set out in Article 10(c) or 10(e), or for another Applicable Law regulating the specific Processing operation? *This question is required.