lumen.privacy · DPIA
First check if — then assess how risky
The data protection impact assessment per Art. 35 GDPR as a guided process: threshold check with nine criteria, six-step wizard, 5×5 risk matrix and DPO review — through to PDF export.
Threshold check
Nine criteria decide whether a DPIA is required
Before assessing, you check: automated individual decisions? Special categories at scale? Scoring or profiling? New technologies? If at least two of the nine criteria apply, lumen.privacy marks the DPIA as required — aligned with supervisory guidance.
- Nine checkbox criteria, aligned with supervisory practice
- Two or more criteria make the DPIA required
- The result is documented — even when no DPIA is needed
- Can be started straight from a processing activity
Risk assessment
A 5×5 matrix instead of free-text prose
You rate risks by likelihood and impact on a scale of 1 to 5 — the score is the product, and the matrix shows levels from “low” to “very high”. After measures, you document the residual risk with residual likelihood and impact.
- Score = likelihood × impact, visualised in the 5×5 matrix
- Residual risk assessed separately after measures
- DPO review with opinion, date and release status
- “Consultation required” status supports Art. 36 GDPR
In the module
From wizard to audit log
Six-step wizard
Basics, threshold check, description, risks, measures, summary.
Approval workflow
Draft → in progress → submitted → completed; rejection returns to draft.
PDF export
The complete DPIA as an audit-ready PDF — with DPO details.
Documents & tasks
Attach evidence, delegate measures as tasks.
Comments
Alignment right on the DPIA — no email ping-pong.
Audit log
Every change logged — traceable for audits.
Early access
Your next DPIA — not in Word
See in a demo how threshold check, risk matrix and DPO review interlock — using an example from your own register.