DPO Solns NY 10022DPO Privacy and Security Training Templates New York

Data Privacy Impact Assessment Template XLS Download


A Data Privacy Impact Assessment is required under GDPR and US privacy laws. It’s also considered best practice for a majority of organizations who may not be technically required to perform them. This excel workbook has 8 areas of assessment split into separate worksheets. Probably the most detailed method of assessment out there and suitable as a template for new projects or project upgrades which present a significant data privacy risk to customer data. Also includes a comprehensive privacy impact assessment process diagram to guide you through the PIA process.


The requirement for a privacy impact assessment (PIA) or data protection impact assessment (DPIA) was introduced with the General Data Protection Regulation (Art. 35 of the GDPR). This refers to the obligation of the controller to conduct an impact assessment and to document it before starting the intended data processing. It’s also required when major changes or upgrades are made to systems processing personal data.
This spreadsheet is a detailed template for conducting the required assessment. We also include a process guide diagram to help you implement the PIA more effectively.

3 Things to Know About Performing DPIA’s

Privacy impact assessments may often be complicated by several factors when getting ready to perform them. Here are some challenges to be aware of before you begin.

    • Information Gathering: Gathering the required information can be a challenge when assessors have not been involved in every project. So, they end up chasing down leads to find out who data custodians are, diagrams, where data is stored etc. Assessors will also inevitably need to follow-up on requests for information from busy respondents whose priorities lie elsewhere.
    • Continuous Re-evaluation: As organizations and processes change, DPIAs need to be continuously reviewed and reassessed. Keeping track of those review schedules and consequential actions is no easy task as it requires attention to detail.
  • Manual Nature of DPIA’s: As organizations scale, so do the number of processing activities and requisite DPIA’s. The manual nature of performing the 7 steps of each assessment can be burdensome and inevitably clash with the need for speed in development environments. These steps include
    1. Pre-assessment
    2. Describe the processing
    3. Consider consultation
    4. Assess necessity and proportionality
    5. identify and assess risks
    6. Identify measures to mitigate the risks
    7. Sign off and record outcomes

Read More on PIA Steps Below


Visit our Shop for Training Downloads.



You may also like…

Go to Top