2026
Conference Paper
Title
Illuminating the DPIA Blackbox - A Survey of Data Protection Impact Assessment Practices in Organisations
Abstract
According to the European General Data Protection Regulation (GDPR), a Data Protection Impact Assessment (DPIA) is mandatory for all ongoing and planned processing of personal data if said processing is likely to affect the privacy and data protection rights and freedoms of the data subjects. However, upon examining the real-world implementation of this requirement, various approaches emerged, resulting in a heterogeneous landscape of DPIA processes.
In this paper, we present the results of a survey that investigated the state of adoption of DPIA process methodologies in real-world organisations. Our survey reveals that handwritten DPIA reports and ad-hoc methods continue to dominate the DPIA landscape in Europe. Moreover, according to our data, processes involving multiple stakeholders are often not adequately assessed in terms of DPIA-related risks.
Open Access
Rights
CC BY-NC-ND 4.0: Creative Commons Attribution-NonCommercial-NoDerivatives
Language
English