An Adapted Data Protection Impact Assessment Tool

The significance of Data Protection Impact Assessments (DPIA) increased with the introduction of the General Data Protection Regulation (GDPR) in the EU which obliges companies to conduct a DPIA. Companies are supported in reaching compliance by the EU and the data protection authorities (DPA) of the member states. However, research has shown that for certain companies, especially small and medium enterprises (SMEs), it is difficult to apply GDPR and the DPIA obligation because existing methods and guidelines offer little assistance for small enterprises with no expertise in the field of privacy and data protection. Reaching compliance with GDPR becomes important for Swiss companies with the revision of the Federal Act on Data Protection (FADP). The Swiss law has been aligned towards the European regulation. Enterprises in Switzerland will therefore have to deal with data protection responsibilities like the DPIA obligation when the revised law enters into force in 2022.The objective of this study is to develop a new variant of a DPIA tool that corresponds to the target group SMEs and the legal framework GDPR. The emphasis is on SMEs in Switzerland that do not offer technology-driven products and services. The tool should support them in assessing their data processing and raising their data protection expertise....