Template | Free | ⏱️ 2-3 hours
Privacy Impact Assessment (PIA/DPIA) Template
A structured privacy impact assessment template for evaluating data protection risks in new features and systems.
Updated 2026-03-04
Privacy Impact Assessment (PIA/DPIA)
| # | Area | Criteria | Score (1-5) | Findings | Action Required | Status |
|---|---|---|---|---|---|---|
| 1 | | | | | | |
| 2 | | | | | | |
| 3 | | | | | | |
| 4 | | | | | | |
| 5 | | | | | | |
Frequently Asked Questions
When is a DPIA legally required under GDPR?
Article 35 requires a DPIA when processing is "likely to result in a high risk to the rights and freedoms of natural persons." The European Data Protection Board lists nine criteria. If your processing meets two or more, a DPIA is required: systematic evaluation/profiling, automated decision-making with legal effects, large-scale processing of sensitive data, large-scale systematic monitoring, innovative technology use, cross-border processing, processing that prevents data subjects from exercising rights, and combining datasets from different sources.
How long should a PIA take to complete?
For a standard feature, plan 2-3 hours for the initial draft: 1 hour with the PM and engineering lead to map data flows, 30 minutes to score risks, and 1 hour for the DPO to review and advise on mitigations. Complex features (ML models, cross-border data flows, special category data) may take 4-8 hours across multiple sessions.
Can we use a PIA for non-GDPR jurisdictions?
Yes. The PIA framework is jurisdiction-agnostic. CCPA (California), LGPD (Brazil), POPIA (South Africa), and PIPEDA (Canada) all benefit from the same risk assessment approach. Adapt Section 1 to reference the applicable lawful basis or legal requirement for each jurisdiction.
What do we do if the DPO rejects the assessment?
A rejection means the privacy risks are too high to proceed as designed. Work with the DPO to identify which risks are blocking. Common resolutions: reduce data collection scope, change the lawful basis (e.g., switch from legitimate interest to explicit consent), add technical safeguards (encryption, anonymization), or redesign the feature to be less privacy-invasive. Re-submit the PIA after making changes.
How does a PIA relate to a threat model?
A PIA focuses on privacy risks to data subjects (individuals whose data you process). A [threat model](/templates/security-threat-model-template) focuses on security risks to the system (attacks, vulnerabilities, exploits). They complement each other. The PIA identifies what data needs protecting and why. The threat model identifies how that data could be compromised and what controls to implement. Run both for features that handle sensitive personal data.