v2.4.0 | Report Errata
docs artefact-taxonomy docs artefact-taxonomy

E8. Data Protection Impact Assessment (DPIA) Assessment of risks to individuals’ rights and freedoms from personal data processing under GDPR Article 35. Covers lawful basis for processing, data subject rights implications, and the tension between GDPR storage limitation and the AI Act’s ten-year retention. Follows EDPB guidelines (WP 248 rev.01). Cross-references FRIA findings to avoid duplication. Distinct from the FRIA; the two may share evidence but must reach independent conclusions. Responsible party: DPO Liaison drafts. AI Governance Lead approves. Regulations addressed: GDPR Article 35 (DPIA obligation); GDPR Article 36 (prior consultation); Article 10(5) (special category data). Key outputs

  • Processing description with legal basis
  • Risk assessment with mitigating measures
  • GDPR-AI Act retention reconciliation
On This Page