Data Protection Impact Assessments

Under the GDPR, when a type of processing is likely to result in a high risk to the rights and freedoms of natural persons, the data controller must carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. It must be done prior to the processing,

Processing activities in particular using new technologies involving

  • systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
  • processing on a large scale of special categories of data referred to in Article 9(1), or of personal data relating to criminal convictions and offences referred to in Article 10; or
  • systematic monitoring of a publicly accessible area on a large scale.

require controllers to conduct a data protection impact assessment.

The Bizoneo's DPIA module allows data controllers to conduct personal data processing risk assessments while taking into account the nature, scope, context and purposes of the processing. The data protection officer can review and document his or hers comments.

Key features


  • Documentation of the proposed activities
  • Purpose
  • Lawful bases
  • Consideration of the rights and freedoms that may be impacted, aligned with the EU Charter.of Fundamental Rights
  • Ability to link to existing assets and organisations

Risk analysis

  • Ability to document multiple risks
  • Risk matrix
  • Mitigation actions


  • The DPO can access and enter their own comments


  • Dashboards with progress
  • Professional looking DPIA with company logo.

Bizoneo - How can we help? DEMO REQUEST