This template is designed to simplify the processing of the Data Protection Impact Assessment (DPIA) questionnaire.
Instructions
1. Enter the answers to the questions in the red box in the "DPIA questionnaire" tab (the three columns "Yes", "No" and "C
2. Go to the tab "Results and risks" and set the filter in cell C13 to "everything except the (Empty cells)"
3. Copy the cells on the DPIA tab that indicate a risk and paste them into the MS Word DPIA report template in chapter 3 (Identifi
4. In the results tab you can read which privacy principles the project currently puts most at risk.
5. Complete the MS Word template. You can insert the spreadsheet in Chapter 5 as an attachment.
Note 1: The controller must also seek advice from the data protection officer (Article 35 (2)), and that advice should
be included, together with the decisions of the controller, in the data protection impact assessment report.
Note 2: The data protection officer should also monitor the implementation of the risk mitigating measures that arise from the
Documentation and source of references: the Norea guide PIA v1.2 (https://www.norea.nl/download/?id=522)
Total risks:

OECD Principles                             # Risks   Risk %
1. Limiting the collection of data                0     0.0%
2. Data quality                                   0     0.0%
3. Purpose limitation                             0     0.0%
4. Limiting the use of data                       0     0.0%
5. Security                                       0     0.0%
6. Transparency                                   0     0.0%
7. Rights of data subjects                        0     0.0%
8. Responsibility and Accountability              0     0.0%

ID Risks
Mitigating measures
DATA PROTECTION IMPACT ASSESSMENT
This is an English working version, based on the NOREA PIA, version 1.2.
Offered to you by RDM Support Utrecht University (www.uu.nl/rdm)
# Question
1 Project type
1.5 Has the purpose of processing personal data within the project been sufficiently SMART defined?
1.6 Is there ..
    d. (Other) major shifts in the way the organization works, the way in which personal data is processed and / or the technology that is used in that process?
    e. A new processing of personal data?
2.1 Is all data necessary to achieve the goal (is as little data as possible collected)?
2.4.1 With one of the above Yes: Can the goal be achieved with other data that entail a reduced risk of abuse?
2.6 Do the data relate to the whole or large parts of the population?
3 Involved parties
3.1 Are there (after completion of the project) multiple internal parties involved in the collection and further processing of the data?
3.2 Are there (after completion of the project) multiple external parties involved in the collection and further processing of the data?
3.3 Are parties involved (in the project or during processing) that do not have to comply with privacy legislation comparable to that of the Netherlands?
3.4 Is the provision of the data to third parties in line with the purpose for which the data were originally collected?
4.4.1 If you request permission (opt-in) from the data subject: can the data subjects withdraw the consent at a later date (opt-out)?
4.5 Are you informing the data subject that the data is being collected?
4.5.1 Under No: Can the data subjects be aware of the data collection?
4.5.2 For Yes (on question 4.5): Do you inform the data subject why the data is being collected (what will you do with it)?
4.5.3 For Yes (on question 4.5): Do you tell the data subject to whom the information is provided (where this is not a legal obligation)?
4.6 Could the person concerned be surprised by the processing (at the time that he is informed about this)?
5.1 Is the use of the data compatible (in line) with the purpose of collecting?
5.2 Is data used for other business processes or goals than those for which it was originally collected?
5.4 Are decisions made about the data subjects based on the data?
5.4.1 Yes: do the data provide a complete and up-to-date picture of the data subjects?
5.10 Can the data subjects correct their data or request this (improve, supplement)?
5.11 Can the data subjects delete their data or request its deletion?
7 Security
7.2 If so, is it clear what measures are being taken to ensure that the requirements set in the security policy are met?
8.2 If so, are the Guidelines on the duty to report data breaches which the Supervisory Authority has published adequately taken into account when adopting the measures?
Extra information
The GDPR stipulates conditions for the use of data for commercial
or charitable purposes, such as the right of objection.
In the answering, please take into account whether the data subject
can reasonably be aware of the processing of the data.
The GDPR has a limited number of bases on which data may be
processed:
1. You request permission.
2. The data is necessary for the execution of an agreement where
the person concerned is a party.
3. The data is required for compliance with a legal obligation.
4. The data subject has a vital interest in collecting the data.
5. The data is necessary for the proper performance of a public-law
task.
6. You have a legitimate interest in processing.
When processing the data, it must be clear whether the data subject
must give consent (opt-in), or need not but may object later (opt-out).
In doing so, take into account the purpose for which the data was
collected and subsequently processed and company guidelines and
legally stipulated retention periods, such as in the Archives Act and
tax legislation.
It is not enough to label data as 'expired'; after the expiry of the
retention period, the data must actually be removed.
When answering the question, take into account:
1. Whether it is possible to destroy or delete (parts of) the data.
2. Whether the data is actually destroyed or deleted, or whether this can be undone.
3. Whether the data can be anonymised so that it can be kept.
Think of the measures that are taken to comply with the policy
described (an information security plan).
The Guidelines for the Protection of Personal Data explain how the
Data Protection Authority uses the security standards from the
GDPR when examining and assessing the security of personal data in
individual cases. The Guidelines refer to and are linked to generally
accepted security standards, such as ISO / IEC 27001/27002 and
NEN 7510.
Continue.
You can stop. Of course, you can still use this PIA to gain a better
understanding of the risks of the project and thereby make your
own risk (in the role of processor or as a party involved in the project)
transparent.
Continue.
You run an increased risk: the impact of your project on the people
involved and the way in which they will react is difficult to estimate.
This could lead to an increased risk of reputation damage,
disruption of business continuity, and actions by enforcers and
supervisors.
You run an increased risk: the impact of your project on the people
involved and the way in which they will react is difficult to estimate.
This could lead to an increased risk of image damage, disruption of
business continuity, and actions by enforcers and supervisors.
Your risk profile changes. You are advised to perform a compliance
check. Such projects require a good assessment of the
consequences in terms of privacy.
You can stop. The (possible) privacy risks of your processing are low.
The further execution of this PIA therefore has little added value.
Pay attention! You must, however, comply with the requirements of
the GDPR. This can be determined through a compliance check.
You run an increased risk. The more laws and regulations apply, the higher
the risk that you do not comply with them.
A large number of laws and regulations also indicate the social
importance that is attached to the subject.
You are advised to identify the applicable laws and regulations and
to clarify the (privacy) consequences.
Continue.
Working with this type of data entails an increased risk of abuse that
has a (potentially large) impact on the data subject and therefore
calls for better security. Processing this data is only allowed under
certain legal conditions.
Working with this type of data entails an increased risk of abuse that
has a (potentially large) impact on the data subject and therefore
requires better security.
You run an increased risk. There is a risk that those involved will be
less willing to cooperate, or that trust in the organization
decreases.
You are advised to use other, less intrusive data.
Moreover, your organization runs compliance risks if this is the case.
Continue.
You are running a compliance risk. The use of data for commercial
purposes is subject to additional requirements.
Continue.
You run an increased risk. If data subjects are surprised by the data
processing, for example because more data is collected than seems
necessary at first sight, or because the further use is not in line with
the purpose of collecting, there is a risk that the data subject will
not provide the data or will object to its use.
You are advised to check whether the data can be collected by other
means, whether less data can be collected, or whether the goals of further
use are in line with the purpose of collecting.
Continue.
You run an increased risk that the data will be used, now or in the
future, for purposes other than those for which it was
originally collected (function creep).
You are advised to take measures that prevent this so-called
function creep or make it impossible, for example by applying strict retention
periods.
You run an increased risk. The more parties involved, the greater
the chance of data loss, lack of clarity in responsibilities, the use of
the data for other purposes and the chance of errors.
Provide a clear description of the tasks and responsibilities related
to the data describing, among other things:
- The security of data and its coordination between the parties.
- The data quality.
- Handling of errors.
- Error reporting.
- Control.
Also provide a clear data description. Record agreements
contractually.
Continue.
Continue with 6.2.1.
Continue.
End questionnaire.
Continue.
You run an increased risk. If you cannot comply with requests from
data subjects to stop processing their data, or because you do not offer
this possibility at all, this can lead to irritation among data subjects or
costly adjustments to systems. You are advised to allow those
involved to withdraw their permission and to make this technically
possible.
Continue.
The use of the data must be in accordance with the purpose of the
processing. If this is not the case, there is a risk that the data is not
suitable for the purpose because, for example, the quality is not
good.
You run a compliance risk if you do not comply with this.
The use of the data must be in accordance with the purpose of the
processing.
You run a compliance risk if you do not comply with this.
Continue.
You run an increased risk. Data subjects have the right to view their
data. It is important that you yourself have a clear overview of the
data that is processed and where it is located within the
organization.
You also run a compliance risk, as it is mandatory to give data
subjects (upon request, possibly for a reasonable fee) access to
their data.
You run an increased risk. Data subjects have the right to request
data removal. If there are no compelling reasons not to do this, this
should also be done. In other cases, the data subject has the right to
be informed of the reason for (partly) not complying with the
request.
With this you are running a compliance risk.
You run an increased risk. If data is stored indefinitely, the risk that
it will be used by unauthorized persons increases. It also entails costs to keep
(and maintain) the data.
With this you also run a compliance risk. You only need to keep data
for as long as necessary to meet the objectives. You can keep
anonymous data after this period.
You run an increased risk. If data is stored indefinitely, the risk that
it will be used by unauthorized persons increases. It also entails costs to keep
(and maintain) the data.
In addition, it is desirable (and in many cases obligatory) to delete
data at the request of the person concerned.
With this you are running a compliance risk. You only need to keep
data for as long as necessary to meet the objectives.
You are advised to destroy the data once it is no longer needed (unless a
legal obligation to keep it stands in the way) or, if this is not possible,
to anonymise it.
Continue with question 7.1.
You are advised to still check whether and to what extent the
security of the personal data is guaranteed in line with the
requirements of the Guidelines and with relevant security
standards.
You are advised to still check whether, and if so to what extent, the
obligation to report data breaches is met in line with the requirements of
the Guidelines.
End of questionnaire.
Risk (1=Yes, 0=No) | Comment / explanation