Last reviewed: 2026-05-05 · Reviewer: M.K., CIPP/E

Template · DPIA SKELETON

DPIA skeleton · Analytics tool deployment

Law: GDPR — General Data Protection Regulation
Licence: free for any use

Template body

# Data Protection Impact Assessment (DPIA)
## {{tool_name}} deployment on {{site_domain}}

**Author:** {{author_name}} ({{author_role}})
**Reviewed by DPO:** {{dpo_name}}
**Date:** {{dpia_date}}
**Version:** 1.0

---

## 1. Description of processing
- **Tool:** {{tool_name}} ({{tool_vendor}})
- **Purpose:** Web analytics — measure traffic, content engagement, and basic conversion events
- **Categories of data:**
  - Collected by the tool's script once consent is given: IP address (full / truncated / hashed, per {{ip_handling}} in §2), user agent, page URLs, referrer, screen size, language
  - Optional, configured by the site: hashed user ID, custom event parameters
- **Data subjects:** visitors to {{site_domain}} who have consented. Because consent is the only lawful basis relied on in §2, the tool's script must not load, and no data may be sent to the vendor, before consent is given
- **Volume:** ~{{monthly_visitors}} unique visitors/month
- **Frequency:** continuous, real-time

## 2. Necessity and proportionality

### Lawful basis
GDPR Art 6(1)(a), consent, captured via the [Cookie banner](/topics/cookie-banner/). Where the tool stores or reads identifiers on the visitor's device (cookies, local storage), ePrivacy Directive Art 5(3) requires that consent independently of the GDPR basis.

### Data minimization
- IP address: {{ip_handling}} (truncated / hashed / not stored). Note that an unkeyed hash of a full IP address is pseudonymous, not anonymous: the IPv4 space is small enough to enumerate, so the original address can be recovered from the hash
- User-agent string: stored {{ua_handling}}
- No name, email, address, or other direct identifiers are collected via this tool
- Cross-site tracking: {{cross_site_yes_no}}

### Retention
- {{tool_name}} data: {{retention_period}}
- Aggregated reports: {{aggregated_retention}}

## 3. Risks identified

| Risk | Likelihood | Severity | Score |
|---|---|---|---|
| Re-identification from IP+UA combination | {{r1_lik}} | {{r1_sev}} | {{r1_score}} |
| Vendor data breach | {{r2_lik}} | {{r2_sev}} | {{r2_score}} |
| Third-country surveillance access (Schrems II) | {{r3_lik}} | {{r3_sev}} | {{r3_score}} |
| Consent withdrawal not honoured downstream | {{r4_lik}} | {{r4_sev}} | {{r4_score}} |

## 4. Mitigation measures

### Technical
- IP truncation enabled at vendor level: {{tech_ip_anon}} (verify in the vendor console and by inspecting stored records, not only in the contract)
- Encryption in transit (TLS 1.2+): yes
- Data residency: {{data_residency}}
- Pseudonymization at source: {{pseudonymization}}
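
The three IP handling options named under data minimization (§2) and technical mitigation (above) are easy to confuse in a DPIA, so here is an added example, not part of this template or of any vendor's product, that implements each and shows why an unkeyed hash is not anonymisation. The prefix lengths (/24 for IPv4, /48 for IPv6), the sample addresses, the key, and the function names are assumptions chosen for the example.

```python
"""Added example, not part of the DPIA template or any vendor's code.
Implements the IP handling options named in the data-minimisation and
technical-mitigation sections (truncated / hashed / pseudonymised at source)
and shows why an unsalted hash of a full IP address is still personal data.
Prefix lengths and sample addresses are assumptions chosen for the example."""
import hashlib
import hmac
import ipaddress
from typing import Optional

IPV4_PREFIX = 24   # assumption: keep the network part, drop the host octet
IPV6_PREFIX = 48   # assumption: keep the site prefix, drop the remaining 80 bits


def truncate_ip(ip: str) -> str:
    """Zero the host bits so the stored value no longer singles out one device.
    This is the only option below that actually discards information."""
    addr = ipaddress.ip_address(ip)
    prefix = IPV4_PREFIX if addr.version == 4 else IPV6_PREFIX
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False).network_address)


def unsalted_hash(ip: str) -> str:
    """Plain SHA-256 of the address: deterministic and keyless, so anyone can
    recompute it for every candidate address (the 'hashed' option done naively)."""
    return hashlib.sha256(ip.encode()).hexdigest()


def keyed_pseudonym(ip: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret held only by the controller. Without the key
    the digest cannot be enumerated; rotating the key bounds linkability over
    time. The output is still pseudonymous personal data, not anonymous."""
    return hmac.new(key, ip.encode(), hashlib.sha256).hexdigest()


def brute_force_ipv4_hash(digest: str, network: str = "203.0.113.0/24") -> Optional[str]:
    """Recover an address from an unsalted hash by enumerating candidates.
    A single /24 is searched here so the example runs instantly; the whole IPv4
    space is only 2**32 hashes, which commodity hardware covers in minutes."""
    for candidate in ipaddress.ip_network(network):
        if unsalted_hash(str(candidate)) == digest:
            return str(candidate)
    return None


if __name__ == "__main__":
    sample = "203.0.113.42"               # constructed sample from the TEST-NET-3 range
    key = b"rotate-me-each-quarter"        # assumption: a real key lives in a secret store
    print("truncated :", truncate_ip(sample))
    print("unsalted  :", unsalted_hash(sample))
    print("recovered :", brute_force_ipv4_hash(unsalted_hash(sample)))
    print("keyed     :", keyed_pseudonym(sample, key))
    print("recovered :", brute_force_ipv4_hash(keyed_pseudonym(sample, key)))
```

Run stand-alone, the script recovers the original address from its plain SHA-256 within the sample /24 but fails against the keyed value. For the DPIA this means: record "hashed" and "pseudonymised at source" as pseudonymous personal data, keep the HMAC key in a store separate from the analytics data, and treat truncation as the only option that reduces the data actually retained.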

### Organisational
- DPA with vendor signed: {{dpa_signed_date}}
- Sub-processor list reviewed: {{subprocessor_review_date}}
- Annual review scheduled: {{annual_review_date}}
- Consent management integrated with {{cmp_name}}

### Transfer
- Mechanism: {{transfer_mechanism}} (EU-U.S. Data Privacy Framework certification / Standard Contractual Clauses / adequacy decision)
- Transfer Impact Assessment date: {{tia_date}}
- Supplementary measures (required where SCCs alone do not ensure essentially equivalent protection): {{supplementary_measures}}

## 5. Consultation
- DPO consulted: yes (signed below)
- Stakeholders consulted: {{stakeholders}}
- Data subjects or their representatives consulted: no. GDPR Art 35(9) requires seeking their views "where appropriate"; justification recorded here: processing is consent-based and consent can be withdrawn at any time
- Supervisory authority consulted: {{dpa_consultation_yes_no}}

## 6. Conclusion

Risk after mitigation: {{residual_risk_level}} (low / medium / high)
- If LOW or MEDIUM: proceed with deployment
- If HIGH and no further measures can reduce it: prior consultation with the supervisory authority is required before processing starts (GDPR Art 36(1))

## 7. Sign-off
- DPO: {{dpo_name}} — Date: {{dpo_signoff_date}}
- Controller representative: {{controller_rep_name}} — Date: {{controller_signoff_date}}

---

**Review schedule:** This DPIA is reviewed annually or upon material change in tool, vendor, retention, or scope.

Variables to fill in

| Variable | Type |
|---|---|
| {{cmp_name}} | string |
| {{dpo_name}} | string |
| {{tia_date}} | date |
| {{dpia_date}} | date |
| {{tool_name}} | string |
| {{author_name}} | string |
| {{author_role}} | string |
| {{ip_handling}} | string |
| {{site_domain}} | string |
| {{tool_vendor}} | string |
| {{ua_handling}} | string |
| {{stakeholders}} | string |
| {{tech_ip_anon}} | string |
| {{data_residency}} | string |
| {{dpa_signed_date}} | date |
| {{dpo_signoff_date}} | date |
| {{monthly_visitors}} | string |
| {{pseudonymization}} | string |
| {{retention_period}} | string |
| {{cross_site_yes_no}} | string |
| {{annual_review_date}} | date |
| {{transfer_mechanism}} | string |
| {{controller_rep_name}} | string |
| {{residual_risk_level}} | string |
| {{aggregated_retention}} | string |
| {{supplementary_measures}} | string |
| {{controller_signoff_date}} | date |
| {{dpa_consultation_yes_no}} | string |
| {{subprocessor_review_date}} | date |