Process Guidance for DPIA
This DPIA guidance and template is designed to help companies ensure GDPR compliance when working with Teamspective. The templates include pre-filled descriptions for each key part of the DPIA.
If your company does not have a pre-defined process for DPIA, here are the recommended steps:
Identify the Need for a DPIA:
Before proceeding, confirm whether a DPIA is actually needed. Younger companies, whose operations are still simple and whose organization is small and not spread across many regions, often do not consider this critical. More established companies with large organizations more often want to ensure compliance with their policies and do consider it critical. Teamspective is used to collect and process personal employee information, which often increases the importance of sound data processing practices.
Describe the Processing:
Purpose: Explain why the software is being implemented.
Nature: Detail what data will be collected and how.
Scope: Define the extent and volume of data processing.
Context: Provide the context in which data will be processed.
Duration: State the length of time data will be retained.
Consult Stakeholders:
Internal: Engage with relevant departments (HR, Legal, IT).
External: Consult with the software provider.
Assess Necessity and Proportionality:
Justify why the data collection and processing are necessary.
Ensure that the processing is proportionate to the intended purpose.
Identify and Assess Risks:
Identify potential risks to employee data privacy and security.
Evaluate the likelihood and severity of each risk.
Implement Mitigation Measures:
Outline steps to mitigate identified risks (e.g., encryption, access controls).
Document the DPIA:
Use one of the pre-filled templates provided to you below.
Approval and Review: Obtain sign-off from relevant authorities and schedule regular reviews.
We recommend preparing the DPIA together with the relevant internal stakeholders, and consulting Teamspective when needed. Those involved may include the Data Protection Officer (DPO), the Chief Information Security Officer (CISO), employee representatives or works councils, and selected members of the legal and HR teams. The DPIA should be reviewed regularly to check that the stated purposes of data collection remain valid.
The template is written in a ready-to-use format: it refers to your organization as “Our company” and to Teamspective by name or as “the partner”. It also contains some [HIGHLIGHTS IN BRACKETS]; these indicate that the following content should be reviewed and modified to suit your company’s situation.
DPIA templates
For Survey-based Organizational Network Analysis
For Passive (Surveyless) Organizational Network Analysis
FAQs
What is the purpose of a DPIA?
To identify and mitigate risks associated with data processing activities.
How often should a DPIA be conducted?
Whenever there are significant changes to processing activities or at regular intervals.
This template provides a structured approach to conducting a DPIA, ensuring thorough analysis and compliance with GDPR requirements.