Introduction to Resource Center
This page provides an overview of the IAPP's Resource Center offerings.

Contact Resource Center
For any Resource Center related inquiries, please reach out to resourcecenter@iapp.org.

Data Protection and Privacy Impact Assessments


Image

Data Protection and Privacy Impact Assessments Topic Page

Navigate by Topic

Privacy impact assessments and data protection impact assessments are valuable tools to gauge the ways projects, systems, programs, products or services impact the data an organization holds, and increasingly they are being required by law for certain data processing. Having a good understanding of what PIAs and DPIAs are, how to implement them and who needs to be involved can be the key to determining the true effect a new project will have on your organization.

This topic page provides resources, news, tools and guidance to gain more in-depth knowledge on PIAs and DPIAs.

Featured Resources

ARTICLE

Key steps for meeting US state PIA obligations

This article outlines steps for managing comprehensive PIAs, including generating a project description, assessing data processing needs, and estimating data protection and privacy risks.
Read More

WEB CONFERENCE

Building a Privacy Risk Framework for Accountability Through PIAs

In this web conference you will learn how to build a PIA framework that can establish the accountability needed to help manage privacy ris
Read More

ARTICLE

The increasing importance of a DPIA

Adam Schlosser, CIPP/E, CIPP/US, founder of Bay Regulatory Strategy Group, explains why now is the time for companies to turn their attention to DPIAs.
Read More

ARTICLE

Automation is not a silver bullet for underlying PIA process issues

This article outlines how to handle successful PIAs, privacy professionals need to assess what the product is, if it uses personal information, the risks that come with processing that kind of personal information, the impact that risk could have on the business and how to mitigate those risks.
Read More

ARTICLE

What is and what isn’t subject to a DPIA under GDPR? An update

This article breaks down the draft lists from the EDPB, which offered its opinion on what activities need a data protection impact assessment.
Read More

INFOGRAPHIC

What triggers a DPIA under the GDPR?

This infographic helps determine what kinds of activities are more likely to trigger a mandatory data protection impact assessment under the GDPR.
Read More

Back to top

Additional News and Resources

DPIA Template (d.pia.lab)

TOOL

Sample System Privacy Impact Assessments

TOOL

Switzerland DPA releases data protection impact assessment guide

ARTICLE

Steps to conducting a successful PIA

ARTICLE

PDPC – Guide to Data Protection Impact Assessments

GUIDANCE

ANPD releases DPIA guidance

ARTICLE

OPC publishes organizational tips for conducting PIAs

ARTICLE

Guide to Undertaking Privacy Impact Assessments

GUIDANCE

Interactive Advertising Bureau — GDPR Data Protection Impact Assessments for Digital Advertising under the GDPR

GUIDANCE

EDPS infographic: DPIAs in a nutshell

INFOGRAPHIC

Utilizing PIAs to limit institutional discrimination and bias

ARTICLE

OPC’s Guide to the PIA Process

GUIDANCE

Data-processing agreements from 30,000 feet

ARTICLE

Preparing for the GDPR: DPOs, PIAs, and Data Mapping

WHITE PAPER

PIAs and Data Mapping – Operationalizing GDPR and Privacy by Design

WEB CONFERENCE

Back to top