# Data Protection Impact Assessment

> Use this template to dPIA for high-risk processing of personal data.

## Template Metadata

| Field | Details |
|-------|---------|
| Category | Cybersecurity & Privacy |
| Owner | [Team or owner] |
| Version | [Version number] |
| Effective Date | [Date] |
| Review Cycle | [Monthly / Quarterly / Annual / Event-based] |
| Status | [Draft / In Review / Approved] |

## Processing Overview

Explain the purpose, lawful basis, systems, and processing lifecycle.

| Item | Details | Owner | Status |
|------|---------|-------|--------|
| [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] |
| [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] |

### Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]

## Data Subjects

Identify affected groups, data categories, special category data, and volumes.

| Item | Details | Owner | Status |
|------|---------|-------|--------|
| [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] |
| [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] |

### Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]

## Necessity

Assess whether the processing is necessary, proportionate, and limited.

| Item | Details | Owner | Status |
|------|---------|-------|--------|
| [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] |
| [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] |

### Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]

## Risk Assessment

List privacy risks to individuals with likelihood, impact, and severity.

| Item | Details | Owner | Status |
|------|---------|-------|--------|
| [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] |
| [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] |

### Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]

## Mitigations

Define technical, organizational, and contractual controls.

| Item | Details | Owner | Status |
|------|---------|-------|--------|
| [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] |
| [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] |

### Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]

## Approval

Record DPO, Legal, Security, and business owner decisions. Use precise privacy terminology and document residual risk clearly.

| Item | Details | Owner | Status |
|------|---------|-------|--------|
| [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] |
| [Item or requirement] | [Describe the relevant detail, evidence, or decision] | [Owner] | [Open / Complete] |

### Notes

[Add context, assumptions, exceptions, evidence links, screenshots, calculations, or reviewer comments.]