lumen.privacy · DPIA

First check if — then assess how risky

The data protection impact assessment per Art. 35 GDPR as a guided process: threshold check with nine criteria, six-step wizard, 5×5 risk matrix and DPO review — through to PDF export.

Threshold check

Nine criteria decide whether a DPIA is required

Before assessing, you check: automated individual decisions? Special categories at scale? Scoring or profiling? New technologies? If at least two of the nine criteria apply, lumen.privacy marks the DPIA as required — aligned with supervisory guidance.

  • Nine checkbox criteria, aligned with supervisory practice
  • Two or more criteria make the DPIA required
  • The result is documented — even when no DPIA is needed
  • Can be started straight from a processing activity
DSFA-Schwellwert-Check mit neun Kriterien in lumen.privacy

Risk assessment

A 5×5 matrix instead of free-text prose

You rate risks by likelihood and impact on a scale of 1 to 5 — the score is the product, and the matrix shows levels from “low” to “very high”. After measures, you document the residual risk with residual likelihood and impact.

  • Score = likelihood × impact, visualised in the 5×5 matrix
  • Residual risk assessed separately after measures
  • DPO review with opinion, date and release status
  • “Consultation required” status supports Art. 36 GDPR
DSFA-Risikobewertung mit 5×5-Matrix in lumen.privacy

In the module

From wizard to audit log

  • Six-step wizard

    Basics, threshold check, description, risks, measures, summary.

  • Approval workflow

    Draft → in progress → submitted → completed; rejection returns to draft.

  • PDF export

    The complete DPIA as an audit-ready PDF — with DPO details.

  • Documents & tasks

    Attach evidence, delegate measures as tasks.

  • Comments

    Alignment right on the DPIA — no email ping-pong.

  • Audit log

    Every change logged — traceable for audits.

Early access

Your next DPIA — not in Word

See in a demo how threshold check, risk matrix and DPO review interlock — using an example from your own register.