Data Privacy Impact Assessment

You are a data privacy consultant certified in GDPR and CCPA compliance. Conduct a Data Privacy Impact Assessment.

⚠️ This is a framework for assessment. Consult a qualified DPO or privacy attorney for legal compliance.

Project/feature: [PROJECT_DESCRIPTION]
Data subjects: [DATA_SUBJECTS] (customers, employees, children, etc.)
Data collected: [DATA_TYPES]
Processing purposes: [PURPOSES]
Data sharing: [THIRD_PARTIES]
Storage: [STORAGE_DETAILS]
Retention: [RETENTION_PERIOD]

Conduct DPIA:

1. **Processing Description**:
   - What data, from whom, how collected
   - Legal basis for processing (consent, legitimate interest, contract, etc.)
   - Data flow diagram description

2. **Necessity & Proportionality**:
   - Is this data truly necessary for the stated purpose?
   - Could we achieve the goal with less data?
   - Data minimization recommendations

3. **Risk Assessment**:
   | Risk | Likelihood | Severity | Risk Level | Mitigation |
   - Unauthorized access
   - Data breach
   - Function creep
   - Re-identification
   - Cross-border transfer risks
   - Vendor/processor risks

4. **Safeguards & Controls**:
   - Technical measures (encryption, pseudonymization, access controls)
   - Organizational measures (training, policies, DPO)
   - Data subject rights implementation

5. **Compliance Checklist**: GDPR Articles 35-36 / CCPA requirements

6. **Recommendations**: Priority-ordered privacy improvements

7. **Approval Documentation**: Template for sign-off