Dpia Drafter

Use when a Data Protection Officer (DPO), privacy counsel, privacy engineer, product owner, or controller / processor representative needs to draft a GDPR Article 35 Data Protection Impact Assessment (DPIA) for a processing activity that is likely to result in a high risk to natural persons. Guides scoped intake of the processing activity, controllers and processors, data categories and subjects, lawful basis, recipients, transfers, retention, and supporting assets; aligns the draft to the European Data Protection Board (EDPB) harmonised DPIA template (V1.0, adopted 10 March 2026, public consultation 14 April 2026) — Section 0 (identification), Section 1 (systematic description of processing), Section 2 (necessity, proportionality and compliance tables), Section 3 (risk register with likelihood × severity scoring of risks to data-subjects' rights and freedoms, plus mitigations and residual risk), Section 4 (review, DPO opinion, sign-off, prior-consultation flag); produces a DRAFT DPIA with an unresolved-information list and a prior-consultation recommendation — for DPO review before controller sign-off. Never delivers a signed DPIA, never substitutes for the DPO's Article 35(2) opinion, never opines on supervisory-authority approval, and never recommends launching high-residual-risk processing without prior consultation under Article 36.

by @archlab-space (devasher)·MIT-0