Conduct a Data Privacy Impact Assessment

Step-by-step

1. 1 Launch the 'Data Privacy Impact Assessment' workflow (the 'Data Privacy Impact' quickstart). It opens a six-step wizard: Scope, Data, Impact, Safeguards, Governance, and Review.
2. 2 On 'Scope' (Privacy Program Scope), enter the Program Name, select the applicable regulations and frameworks (for example GDPR, NDPA, CCPA/CPRA), the primary legal basis for processing, and your operational jurisdictions, then click 'Continue'.
3. 3 On 'Data' (Data Inventory & Classification), use the four tabs: add 'Personal Data' categories with sensitivity and volume, 'Processing Activities' (Article 30 records with purpose, legal basis, and retention), 'Data Subjects' (selecting Children triggers enhanced DPIA requirements), and cross-border 'Transfers' with their transfer mechanism.
4. 4 On 'Impact' (Impact Assessment & Risk Analysis), complete the DPIA Trigger Assessment (two or more triggers mandate a full DPIA), then rate each privacy risk dimension for Likelihood and Severity to set its score.
5. 5 On 'Safeguards' (Safeguards & Mitigation Measures), select your Privacy by Design measures (Article 25), map the compliance controls, and confirm the Data Subject Rights mechanisms (access, rectification, erasure, restriction, portability, object, automated decision, and withdraw consent).
6. 6 On 'Governance' (Accountability & Governance), assign the DPO or privacy lead, then set the approval authority, review frequency, prior consultation status (Article 36), breach notification window, incident response status, and Records of Processing (Article 30) status.
7. 7 On 'Review', check the DPIA Readiness score and the summary, then click 'Submit DPIA' to record the assessment.