- DPIAs are mandatory in some cases and serve to assess data protection risks for data subjects and to protect the company.
- Legal requirements for implementation are scarce; focus is on risk assessment, taking into account the risk mitigation measures taken.
- Various templates (e.g. Walder Wyss Excel form, VUD template with ChatGPT interface) are available in German and English.
Data protection impact assessments (DPIAs) are a sometimes mandatory and usually helpful tool for dealing with data protection risks for data subjects (and indirectly also for the company). The law provides little guidance on how the DSFA is to be conducted. However, it is a matter of Risk assessment for affected persons under Consideration of the measurestaken to reduce the risk.
You can represent this in different ways, and there are also various templates. We – Walder Wyss – For this purpose, we often work with an Excel-based document, which we can download under Downloads in an updated version in German and English for general use.
Direct links:
- Form DSFA, German (according to DSG; status: 25.9.2023)
- Form DSFA, English (according to DSG; English; as at: 25.9.2023)
We are grateful for feedback from the practice (or academy)!
Within the framework of the Association enterprise data protection (VUD), David Rosenthal, after a test run within the VUD, has in turn prepared a template for a DSFA that takes a slightly different approach – more in procedure than in result – and which also has a ChatGPT interface has. It is available at www.vud.ch/dsfa and rosenthal.ch.