DPIA
Skill packages tagged with “DPIA”
GDPR Gap Assessment
Perform a structured gap assessment against GDPR (Regulation 2016/679). Mandatory artifact detector scans for missing compliance documents; maturity rater suggests 0-5 maturity per domain across all compliance domains (principles, lawful basis, transparency, data subject rights including Art. 19, controller obligations, security, breach notification, DPIA including Art. 36 prior consultation, DPO governance, processor management, international transfers, training). Produces findings register and prioritized remediation roadmap with Art. 83 fine tier analysis.
GDPR Privacy by Design & Default (Art. 25)
Assess and document data protection by design and by default measures per GDPR Article 25 and EDPB Guidelines 4/2019. Covers the seven foundational principles, Hoepman's eight design strategies, Art. 25(2) four-dimension default settings review, controller/processor scope, DPIA necessity assessment (EDPB WP248 rev.01), and organisational measures.
GDPR ROPA & DPIA Author
Guided elaboration of Records of Processing Activities (ROPA) and Data Protection Impact Assessments (DPIA): processing purposes, legal basis, data categories, recipients, retention, safeguards, and DPIA necessity assessment and risk mitigation.
India DPDP Act — Data Protection Impact Assessment
Draft and validate a Data Protection Impact Assessment for Significant Data Fiduciaries under India's Digital Personal Data Protection Act 2023. Covers processing inventory, consent framework, data principal rights, and cross-border transfers.
ISO 27701 DPIA Program
Establish a Data Protection Impact Assessment (DPIA) program aligned to ISO 27701 Clause 7.2.5 and GDPR Article 35. Create DPIA methodology with WP29/EDPB screening criteria, screen processing activities for high-risk triggers, conduct individual DPIAs, and track risk mitigation with residual risk assessment.
ISO 27701 Privacy Risk Assessment
Conduct a privacy-specific risk assessment focusing on risks to PII principals per ISO 27701 Clause 5.4 (2019) / Clause 6.6 (2025). Defines all 8 individual-focused privacy impact criteria (physical harm, financial loss, discrimination, reputational damage, emotional distress, loss of autonomy, identity theft, social disadvantage — not organizational CIA-triad categories), identifies privacy threats per processing activity and PII principal category, scores risks on a 5x5 privacy impact matrix, assesses DPIA triggers per GDPR Art. 35 / EDPB WP248 rev.01, and plans treatment using privacy-specific options (minimize, pseudonymize, anonymize, consent, purpose limitation, encryption, deletion).
PIIA (SA) — Consultation Report
Draft the consultation report for a POPIA PIIA: document views from stakeholders or data protection experts consulted on the impact assessment.
PIIA (SA) — Mitigation Measures
Draft the mitigation measures for a POPIA PIIA: safeguards, security measures, and technical/organisational controls to address identified risks.
PIIA (SA) — Necessity and Proportionality
Draft the necessity and proportionality assessment for a POPIA PIIA: document that processing is necessary and that no less-intrusive method exists.
PIIA (SA) — Purpose of Processing
Draft the purpose of processing and lawful basis documentation for a POPIA PIIA, aligned with purpose specification and lawful processing.
PIIA (SA) — Risk Assessment
Draft the risk assessment for a POPIA PIIA: analyse risks to data subjects' rights and freedoms, including harm, discrimination, and financial loss.
PIIA (SA) — Sign-off
Draft the PIIA sign-off: final approval from the Information Officer or senior management acknowledging residual risk.
PIIA (SA) — Systematic Description of Processing
Draft the systematic description of processing for a POPIA PIIA: step-by-step description of how personal information is collected, used, stored, and deleted.
Privacy & PII Protection Program
Build a comprehensive privacy program aligned with ISO 27001:2022 A.5.34 and major privacy regulations (GDPR, LGPD, CCPA). Produces five core privacy documents: external-facing privacy policy, Record of Processing Activities (ROPA), Data Protection Impact Assessment (DPIA) template, data subject rights procedure, and data breach notification procedure with jurisdiction-specific regulatory timelines.
UAE Federal PDPL — Data Protection Impact Assessment
Draft and validate a DPIA under UAE Federal Decree-Law No. 45/2021 on the Protection of Personal Data (PDPL) and its Executive Regulations. Covers data inventory, lawful basis, cross-border transfers, and 72-hour breach notification.
UK GDPR & DPIA (Data Protection)
Conduct and validate Data Protection Impact Assessments (DPIAs) under the UK GDPR and ICO guidance for high-risk processing. Suggests technical and organisational safeguards aligned with UK Adequacy standards. Validates breach-notification policies against the 72-hour ICO reporting window.