Privacy-first delivery

Data Protection Impact Assessment template

This template mirrors the process we complete before building any solution that processes personal data. It follows UK GDPR Article 35 and the ICO's DPIA guidance so your governance, risk management, and Breath Technology ethos evidence stay aligned.

Save, duplicate, and securely store completed DPIAs alongside your change logs. Everything here can be copied into your documentation system or exported to PDF after completion.

Akadata commitment

"Encryption, least privilege, and transparent audit trails are standard—because trust cannot be outsourced. No analytics traps. No data resale. No hidden tracking. Just lawful stewardship that breathes the same breath as those it serves."

Controller details

Capture who is accountable for the DPIA and how stakeholders contact them.

Format: DD/MM/YYYY

Step 1 — Identify the need for a DPIA

Summarise the project, its aims, and why a DPIA is required.

Tick all that apply

Step 2 — Describe the processing

Outline how data flows, what you process, who is affected, and the purpose.

List third parties, subprocessors, or integrations

Tick all that apply

Relationship with individuals, expectations, vulnerabilities, public concerns, novelty, and security posture

Include intended effects, broader benefits, lawful basis, and any Article 9 grounds

Step 3 — Consultation process

Record how and when you'll engage stakeholders, processors, and subject matter experts.

Step 4 — Assess necessity and proportionality

Explain how the processing remains lawful, necessary, and proportionate while supporting individual rights.

Describe how the processing purpose is clearly defined, necessary, and proportionate.

Data minimisation, purpose limitation, storage limitation, security

How you inform and action data subject rights

Adequacy decisions, SCCs/BCRs, derogations, and countries involved

Step 5 — Identify and assess risks

Log each risk, the source, likelihood, severity, and resulting risk grade.

RiskSource of riskNature of impactLikelihoodSeverityOverall risk

Step 6 — Identify measures to reduce risk

Record how each risk will be reduced, residual risk, and approval status.

RiskOptions to reduce riskEffect on riskResidual riskMeasure approved

Step 7 — Sign off and record outcomes

Document who approved mitigation measures, residual risks, and review cadence.

ItemName / Position / DateNotes
Measures approved by
Residual risks approved by
DPO advice provided
Summary of DPO advice
DPO advice accepted or overruled by
Comments
Consultation responses reviewed by
Consultation comments
This DPIA will be kept under review by

This DPIA reflects our commitment to privacy-first delivery. As detailed in our Why Akadata page, we practise data minimisation and lawful handling as second nature, not compliance theatre. Some say we bleed the same blood — we say we all breathe the same breath.