DPIA application

The Catalan Data Protection Authority has developed an application to facilitate the preparation of data protection impact assessments (DPIAs), a requirement in cases where there is a high risk to the rights and freedoms of individuals. This application replaces the previous one from 2020 and represents a substantial improvement, as it enhances the user experience and incorporates a catalog of risk mitigation measures in accordance with the National Security Framework (ENS), the standard that establishes the information security systems that must govern the public sector from 2022.



What is a Data Protection Impact Assessment?

A Data Protection Impact Assessment (DPIA) is a procedure that seeks to identify and control the risks to the rights and freedoms of individuals associated with data processing. The GDPR requires the data controller to carry out a DPIA when the processing could pose a high risk to the rights and freedoms of individuals. Examples include planned profiling or predictions with automated decision-making that affects individuals, processing that involves sensitive data such as health data, large-scale data processing, and the systematic monitoring of a publicly accessible area.

What does the DPIA application allow?

The DPIA application is installed locally on the computer and is used only locally. Furthermore:

  • It does not open any ports on the computer where it is installed, because it only needs to operate locally on that computer.
  • It does not use the corporate network of the organization where it is installed.
  • It does not use the internet; it does not connect to, receive, or send data to other internet applications or services.
  • It does not require access control safeguards.
  • It does not require the definition of users, access profiles, or access credentials.

The application's only interaction with the computer where it is installed is to save (export) the work performed or to load a previously conducted impact assessment. In both cases the files are JSON files: structured text files that cannot contain threats to the computer or the organization beyond the text content entered by the application user.

Therefore, the DPIA application does not increase the security risks of the location or organization where it is installed and used.

 

Downloading and Verifying the DPIA Application from the Catalan Data Protection Authority (APDCAT)

The Catalan Data Protection Authority (APDCAT) offers the DPIA application free of charge. It must be downloaded exclusively from the APDCAT website.

If this procedure is not followed, the application used may not be the original and could have been modified, potentially introducing vulnerabilities.

To ensure this has not occurred, it is advisable to verify the integrity of the downloaded file by checking its hash or digital signature.
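
One way to carry out the hash check described above, as an added example that is not APDCAT's own code. It assumes the published value is a SHA-256 digest (the page does not name the algorithm); the file path and the digest are supplied by the user on the command line.

```python
import hashlib
import hmac
import re
import sys

# Assumption: the publisher lists a SHA-256 digest as 64 hex characters.
SHA256_HEX = re.compile(r"[0-9a-f]{64}")


def sha256_of(path, chunk_size=1024 * 1024):
    """Hash the file in chunks so a large installer is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_published_digest(text):
    """Accept a bare digest or a 'digest  filename' checksum line, in any letter case."""
    fields = text.strip().split()
    candidate = fields[0].lower() if fields else ""
    if not SHA256_HEX.fullmatch(candidate):
        # A truncated or mistyped value must fail loudly, never count as a match.
        raise ValueError("published value is not a SHA-256 hex digest")
    return candidate


def verify_download(path, published):
    """Return True only if the file's digest equals the published digest."""
    expected = parse_published_digest(published)
    actual = sha256_of(path)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Usage: python verify_download.py <downloaded-file> <published-digest>
    if len(sys.argv) != 3:
        sys.exit("usage: verify_download.py FILE PUBLISHED_SHA256")
    ok = verify_download(sys.argv[1], sys.argv[2])
    print("OK: digest matches" if ok else "MISMATCH: do not install this file")
    sys.exit(0 if ok else 1)
```

The comparison is only meaningful when the published digest is read from the APDCAT website itself, not from the same place the file was obtained if that place was a third party.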

Last update: 18.02.2026