The d.pia.lab is pleased to announce that the Policy Brief No. 1/2020 Data protection impact assessment in the European Union: developing a template for a report from the assessment process has been listed in the IAPP Resource Centre.
Other than for its conformity to Article 35-36 GDPR, the template has been praised for the following novel aspects:
- First, it aims at comprehensiveness to arrive at the most robust advice for decision-making.
- Second, it aims at efficiency, that is, to produce effects with the least use of resources.
- Third, it aims at exploring and accommodating the perspectives of various stakeholders, although the perspective of individuals dominates; it, therefore, fosters fundamental rights thinking by, for example, requiring justification for each choice, hence going beyond a mere ‘tick-box’ exercise.
- Fourth, it aims at adhering to the legal design approach to guide the assessors in a practical, easy and intuitive manner throughout the 11-step assessment process, providing necessary explanations for each step, while being structured in expandable and modifiable tables and fields to fill in.
- Fifth, it assumes its lack of finality as it will need to be revised as experience with its use grows.
The template forms part of the architecture of impact assessment, which typically consists also of a framework and a method. Consult other d.pia.lab publications and policy briefs.