Whistic Adds Data Protection Impact Assessment (DPIA) to Library

February 09, 2022

The GDPR has been in effect since 2018 and in the middle of the Risk and Compliance conversation even longer. It applies to any organization operating within the EU, as well as any organizations outside of the EU which offer goods or services to customers or businesses in the EU. That ultimately means that almost every major corporation in the world needs a GDPR compliance strategy.

Article 35 of the GDPR covers Data Protection Impact Assessments. The DPIA is a recent requirement under the GDPR as part of the “protection by design” principle. According to the law:

Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.

As outlined in Article 35, the GDPR requires DPIAs to contain the following elements:

  • A description of the planned processing operations and the purposes of the processing
  • An assessment of the necessity of the processing operations in relation to the purposes
  • An assessment of the risks to the rights and freedoms of data subject

If you are beginning a data processing activity that is likely to involve “a high risk” to other people’s personal information, completing a self assessment using the DPIA template in Whistic beforehand is a good idea.  Also it’s an easy way to perform internal discovery and more importantly, comply with GDPR.

For more information on DPIA, click here

See your full security picture with Whistic. Automate your program, assess vendors easily, and start using security to your advantage. Learn more.

gdpr standards vendor security review security assessments third party risk mgmt

About the author


The latest insights and updates on information security and third party risk management.

Hate security reviews?
Want FREE AirPods?*

Offer valid for any decision-maker/influencer in relation to your company’s third-party risk management strategy. Company size must exceed 100 employees. Exclusions apply. Limit 1 pair per company.