The d.pia.lab is pleased to announce that the Policy Brief No. 1/2020 Data protection impact assessment in the European Union: developing a template for a report from the assessment process has been listed in the IAPP Resource Centre.
Other than for its conformity to Article 35-36 GDPR, the template has been praised for the following novel aspects:
- First, it aims at comprehensiveness to arrive at the most robust advice for decision-making.
- Second, it aims at efficiency, that is, to produce effects with the least use of resources.
- Third, it aims at exploring and accommodating the perspectives of various stakeholders, although the perspective of individuals dominates; it, therefore, fosters fundamental rights thinking by, for example, requiring justification for each choice, hence going beyond a mere ‘tick-box’ exercise.
- Fourth, it aims at adhering to the legal design approach to guide the assessors in a practical, easy and intuitive manner throughout the 11-step assessment process, providing necessary explanations for each step, while being structured in expandable and modifiable tables and fields to fill in.
- Fifth, it assumes its lack of finality as it will need to be revised as experience with its use grows.