This Policy Brief proposes a template for a report from a process of data protection impact assessment (DPIA) in the European Union (EU). Grounded in the previously elaborated framework (cf. Policy Brief No. 1/2017) and method for impact assessment (cf. Policy Brief No. 1/2019), the proposed template conforms to the requirements of Articles 35–36 of the General Data Protection Regulation (GDPR) and reflects best practices for impact assessment, offering at the same time five novel aspects. First, it aims at comprehensiveness to arrive at the most robust advice for decision making. Second, it aims at efficiency, that is, to produce effects with the least use of resources. Third, it aims at exploring and accommodating the perspectives of various stakeholders, although the perspective of individuals dominates; it, therefore, fosters fundamental rights thinking by, for example, requiring justification for each choice, hence going beyond a mere ‘tick-box’ exercise. Fourth, it aims at adhering to the legal design approach to guide the assessors in a practical, easy and intuitive manner throughout the 11-step assessment process, providing necessary explanations for each step, while being structured in expandable and modifiable tables and fields to fill in. Fifth, it assumes its lack of finality as it will need to be revised as experience with its use grows. The template is addressed predominantly to assessors entrusted by data controllers to perform the assessment process, yet it may also assist data protection authorities (DPA) in the EU to develop (tailored down) templates for DPIA for their own jurisdictions.
Primary law• Treaty on the European Union 2 in particular: Article 3(2) • Treaty on the Functioning of the European Union 3 in particular: Title V Area of Freedom, Security and Justice -Protocol (No. 19) on the Schengen acquis integrated into the framework of the European Union -Protocol (No. 21) on the position of the United Kingdom and Ireland in respect of the area of freedom, security and justice -Protocol (No. 22) on the position of Denmark -Protocol (No. 23) on external relations of the Member States with regard to the crossing of external borders -Protocol (No. 24) on asylum for nationals of Member States of the European Union -Declaration (36) on Article 218 of the Treaty on the Functioning of the European Union concerning the negotiation and conclusion of international agreements by Member States relating to the area of freedom, security and justice • Charter of Fundamental Rights of the European Union 4
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.