Data Protection Impact Assessment – Cybersecurity

The challenge and how we can help you

The Data Protection Impact Assessment (DPIA) is performed for data processing that presents specific risks to the rights of the data subjects (see Art. 35 GDPR: “Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the foreseen processing operations on the protection of personal data.”).

The Model will be set up (based on the Guidelines on the Data Protection Impact Assessment available at: ) and the procedure for the DPIAs and the assessments of the processing operations considered to be at risk will be carried out. In particular, the main risks deriving from these data processing operations will be outlined and then evaluated using a methodology derived from the ISO/IEC 27005:2018 standard. Finally, if the detected risk levels are assessed as medium-high, additional security measures will be defined to mitigate them to an acceptable level.