EDPB adopts new DPIA Template

2–3 minutes

In July 2025, the European Data Protection Board (EDPB) adopted the Helsinki Statement on Enhanced Clarity, Support, and Engagement setting out a series of initiatives aimed at simplifying GDPR compliance, strengthening consistency, improving transparency and dialogue with stakeholders, and enhancing cooperation between regulators.  Key measures arising from the Statement include the development of timely, concise and practical guidance that is accessible and easy to understand, particularly for micro, small and medium-sized organisations, and aligned with the GDPR’s risk-based approach, as well as the introduction of ready‑to‑use templates that build on and harmonise existing work carried out at national level.

In support of these objectives, the EDPB has adopted a standardised template for Data Protection Impact Assessments (DPIA).  The template is intended to assist organisations in structuring, harmonising and evidencing their DPIA processes and is accompanied by an explanatory document that provides clear, concise guidance on how to complete it effectively.  This supporting material breaks down key concepts in plain language and addresses common questions and potential knowledge gaps faced by data controllers.

A DPIA is required where processing activities are likely to result in a high risk to individuals’ rights and freedoms, and involves describing the intended processing, assessing its necessity and proportionality, and identifying measures to mitigate identified risks.  The EDPB template is designed to guide organisations step by step through this process, while allowing controllers the flexibility to carry out risk analysis and risk management using their preferred methodology.  Although use of the template is not mandatory, it offers predefined fields that encourage complete, structured and consistent responses, helping to ensure that all required information is captured accurately while reducing the risk of omissions and saving time.

The DPIA template is subject to public consultation until 9 June 2026.  After the public consultation is finished, the template will be finalised, subject to any necessary amendments, after which data protection authorities will take steps to adopt it either as their sole template or as a meta‑template compatible with national versions.  In the interim, organisations are encouraged both to make use of the template and to provide feedback as part of the public consultation process.

Contributor: Kieran Harte

More ICS News

Read more ICS News

Become a Member
ADPO News
HISI News
IASA News
itSMF News
Irish Digital Skills & Jobs Coalition News
EU Tech Policy News
AI Policy News

Discover more from Irish Computer Society

Subscribe now to keep reading and get access to the full archive.

Continue reading