top of page
DPO expert

Why should my company perform a DPIA? 

Since the emergence of privacy legislation, it has become increasingly important for companies toGDPR-compliantto operate. Performing a DPIA can be very useful in this regard. In some cases, a DPIA is even mandatory. mr. Franklin explains how to get oneData Protection Impact Assessmentneeds to prepare and what it can mean for your company.

General Data Protection Regulation (GDPR)


TheGeneral Data Protection Regulationisapplicable since 2018on all entities and companies thatprocess personal data. The main purpose of this is to protect natural persons against the privacy risks of data processing.

Due to the broad understanding of the concept of "data processing", there is a very real chance that your company also processes personal data. As a result, your company also meets theGDPR standardsmust comply. A correctly executedData Protection Impact Assessmentprovides more insight into any privacy risks so that you can take effective measures to operate your company in compliance with GDPR.

What is a Data Protection Impact Assessment? 


DPIA stands forData Protection Impact Assessment. DPIA is also sometimes referred to as data protection impact assessment.

In a Data Protection Impact Assessment, theprivacy and information security risksof an application, aonline platformor mapped a specific processing activity. Based on the information obtained, measures can then be taken to reduce these risks.

More detailed information can be found in ourarticle on DPIA.

Is DPIA mandatory?


Strictly speaking, a DPIAmandatory for each new processingwhich may have privacy implications. TheData Protection Authority (the Belgian Data Protection Authority) has alist of activitiesfor the implementation of which a DPIA is mandatory. A company that undertakes one or more activities from this list must carry out a DPIAbeforeproceed to data processing.

Performing a DPIA is therefore not mandatory in all cases. Well, it canmany companies, and certainly companies thatrisky processingwant to start are very helpful. Think of processing operations that relate to special personal data such asmedical data. Or if your company is going to develop new technologies or software that process personal data, such as aonline web platform.

When performing a DPIA on aonline platformby mr. Franklin, the platform is tested by our experts against the GDPR standards, the security measures, privacy by design and privacy by default. For example, it is checked whether the online platform of your company handles personal data correctly, who the data processors are, where and how the processed data is stored, and so on. At the end of the DPIA procedure, the company will receive a document from us containing thereportof our findings. This document may further be made available by the Company to its customers to demonstrate that itonline platform GDPR compliantis offered. This creates more trust between the company and its customers. In addition, after a DPIA procedure, one gains insight intotechnical and organizational measuresthat can promote the GDPR-compliant operation of the online tool.

Furthermore, performing a DPIA is the first step towards oneISO certification. Not all companies are suitable to apply for an ISO certificate: it can be too burdensome both financially and administratively, in particular forstartups. A DPIA report prepared by Mr. Franklin may be a suitable substitute for companies that are in the growth phase or lack the resources to achieve aISO 27001 certificatehave surplus.

Who performs DPIA? 


A Data Protection Impact Assessment can be performed bythe data controller (controller).This is the person within your company who makes decisions about the fate of the personal data (whether or not to process it, why to process it, etc.). This controller can also carry out a DPIA procedureby externalshave it executed. In this case, he still remains ultimately responsible. 


If necessary and possible, the advice of the data subjects (the natural persons whose data are processed) must also be requested. This can be done, for example, on the basis of a DPIA questionnaire or a survey.


The entities that require adata protection officermust therefore also consult them when performing a DPIA.

Who is Mr. Franklin? 


mr. Franklin is a law firm specialized in intellectual property rights, GDPR and ISO 27001 implementation. mr. Franklin offers a DPIA audit of high-risk processing operations and of the online platform, both onprivacyifcyber securityflat. In doing so, we provide concrete recommendations on data protection and a corresponding risk analysisISO 27001requirements. A commercial document is also drawn up that can be presented to customers.

In addition, Mr. Franklin tooall in oneGDPR formulasto make your company GDPR-proof in all areas. We draw up the privacy policy on the basis of a privacy audit. The processing of personal data in your organization is then mapped out, as well as the infrastructure and security measures taken. Also, thenecessary documentsmade up.

We also provideGDPR trainingfor companies. The approach always takes place in consultation and remains pragmatic, with a lot of attention for the aspirations and needs of your company.

Prices for all-in-one packages start from 2,000.00 € + VAT.

Protect your company against GDPR fines and do a free GDPR audit with Mr.Franklin.


GDPR-proof in max 3 months

Data Protection Authority


In certain situations, you as a company are obliged to provide theConsult data protection authoritybefore processing personal data. This is the case when the results of the Data Protection Impact Assessment show that the intendedprocessing poses a high privacy riskdespite the measures taken. 


If you believe that the intended measures will reduce this risk, it is recommended to put on paper that your company has taken appropriate measures. That way you can get into theany discussionsdemonstrate with the Data Protection Authority that the privacy risks have been addressed.

Have a DPIA performed by the experts at Mr. Franklin


TheDPOs with certificationfrom mr. Franklin can check the privacy risks within your company andassess whether a DPIA is appropriateis. We offer the necessary website and application tests. This way you are not faced with surprises and you have a clear view of the processing of personal data within your company. Feel free to contact us for a more detailed explanation about the Data Protection Impact Assessment within your company.


For more information about our services, you can always contact us without obligation.



Oliver Sustronck

+32 486 27 53 05

bottom of page