Simple DPIA Template

Simple DPIA Template

Why do I need a DPIA template?

There are many Data Protection Impact Assessments (DPIA) tools available; a quick online search will reveal many of these, but do they lead you to a simple DPIA template?

Some say they are free, some are even, actually, free.  However, many templates are bloated, overly complex and aimed squarely at big business.  What about those who don’t have the time, resource and money to throw at completing complex assessments?

There are few, if any targeted at the micro, small and medium business who want to do the right thing and comply with the General Data Protection Regulation (GDPR). Let’s have a look how to use a simple DPIA Template.

What do I need to do?

There is a difference between best practice, to which all organisations should aspire, and the minimum requirement.

Article 35 of the GDPR details the minimum requirement of the DPIA as follows:

  • systematic description of the planned processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller;
  • an assessment of the necessity and proportionality of the processing operations in relation to the purposes;
  • an assessment of the risks to the rights and freedoms of data subjects;
  • the measures intended to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with the GDPR with regard to the rights of data subjects and other persons concerned.

It is our view that all organisations should first obtain this minimum requirement across all of their processing of personal data before trying to achieve best practice.

When should I do it?


The GDPR states that you should do a DPIA whenever there is a change in risk to your data subjects. In practice this means that any time you change your systems or processes relating to personal information you should perform a review. You should also put in place a schedule to review your completed DPIAs regularly. 

Where can I get it?

We’ve made this download truly free – but it would be appreciated if you would share this article with all your networks. Signup below to get it.

To move towards a fuller, best practice approach, the ICO has a code of practice on Privacy Impact Assessments on their website.

How Gydeline helps

We, at Gydeline, help small and medium sized organisations save money and time by building systems, processes and policies that simplify their business and support their sustainability aims.  We do this with a range of services.

If you would like to discuss any aspects of dealing with this and other risks in your business we are always happy to offer some, free, no obligation assistance – just contact us.

Related Posts