DPIA template

This template is an example of how you can record the DPIA process and results. You can start to fill in details from the beginning of the project, after the screening questions have identified the need for a DPIA. You can adapt the process and this template to produce something that allows your organisation to conduct effective DPIAs integrated with your project management processes.

Step one: Identify the need for a DPIA

• Explain what the project aims to achieve, what the benefits will be to the organisation, to the individuals and to other parties.
• You may find it helpful to link to other relevant documents related to the project, for example a project proposal.
• Also summarise why the need for a DPIA was identified (this can draw on your answers to the screening questions).

Step two: Describe the information flows

• You should describe the collection, use and deletion of personal data here.
• It may also be useful to refer to a flow diagram or another way of explaining data flows.
• You should also say how many individuals are likely to be affected by the project.

Step three: Consultation requirements

• Explain what practical steps you will take to ensure that you identify and address data protection risks.
• Who should be consulted internally and externally?
• How will you carry out the consultation?
• You should link this to the relevant stage of your project management process.
• You may use consultation at any stage of the DPIA process.

Step four: Identify the data protection and related risks

• Identify the key data protection risks and the associated compliance and corporate risks.
• Larger scale DPIAs might record this information on a more formal register.
• Answer these questions to ensure compliance with the seven data protection principles.