A free web-based Data Protection Impact Assessment Tool to assist organisations to evaluate data protection risks with respect to the EU's General Data Protection Regulation (GDPR). The questions used within this tool were originally produced by the A4Cloud project, the original questionnaire is available here.

An instance of the tool is hosted on GitHub Pages for preview. Please note, to demonstrate how one might use this project for self-service data protection impact assessments within a DevOps team, this project uses the Staticman project, a useful tool for static sites such as GitHub pages that allows user generated content, in our case GDPR DPIAs, to be committed into a GitHub repository, for this project the submissions are committed on a branch called staticman. The data protection impact assessments could then be used within a GitOps workflow to allow a security expert within the wider DevSecOps team to provide more in-depth analysis and a set of recommendations for a project or sprint.

DISCLAIMER Please use this only for what it is intended, a first pass assessment, seek separate legal and privacy advice for a more formal assessment of your organisation’s position. I accept no liability.