PIA Questionnaire and Risk Assessment Tool

Privacy Impact Assessment

Submitted by:

Process (System/Manual):

Process Owner:

Date Conducted:

Personal Data Inventory

| Personal Data Type (PI/SPI) | Collection | Use | Storage | Disclosure | Disposal | Remarks |
|---|---|---|---|---|---|---|
| | | | | | | |

Privacy Impact Analysis

Legitimate Purpose

| Question | Yes | No | N/A | Remarks / Justification |
|---|---|---|---|---|
| Is there a lawful basis for processing personal data? | | | | |
| Is the processing compatible with a declared and specified purpose? | | | | |
| Are all functionalities aligned to the purpose? | | | | |

Transparency

| Question | Yes | No | N/A | Remarks / Justification |
|---|---|---|---|---|
| Is the information provided prior to collection? Please specify how in the remarks section. | | | | |
| Does the privacy notice remain accessible at any time a data subject wants to know more about the processing system? Please specify how in the remarks section. | | | | |

Proportionality

| Question | Yes | No | N/A | Remarks / Justification |
|---|---|---|---|---|
| Is the processing of personal data adequate, relevant, and not excessive? | | | | |
| Has the necessity of each personal data item been assessed? | | | | |
| Is it possible to achieve the purpose by processing less personal data? | | | | |
| Will the "need-to-know" principle be adopted when granting access? | | | | |
| Does the processing use the least intrusive and most privacy-preserving method based on industry standards? | | | | |
| Will the processing stop once the purpose is achieved? | | | | |

Data Subject Rights

| Data Subject Right | Procedures to Exercise | Controls | Acceptable (Y/N) | Remarks / Justification |
|---|---|---|---|---|
| Right to be informed | | | | |
| Right to access | | | | |
| Right to object | | | | |
| Right to erasure | | | | |
| Right to damages | | | | |
| Right to file a complaint | | | | |
| Right to rectify | | | | |
| Right to data portability | | | | |

Risk Table

| Vulnerability | Threat | Risk | Impact | Probability | Risk Rating | Mitigation | Residual Risk | Action Date |
|---|---|---|---|---|---|---|---|---|
| | | | | | | | | |

Signatories

Drafted By:
Reviewed By:
Recommended By:
Approved By: