Audit modelPIA (CNIL) - Privacy Impact Analysis

Template allowing to analyze the risks on privacy according to the CNIL's method. It is possible to import the PIA realized with the CNIL tool on this template. Version 1.0

1. Contexte

1.1. General Information

1.1.1. What is the data processing that is being studied?

Present in a synthetic way: its name, its purpose(s), its stakes (expected contributions), its context of use

1.1.2. What are the responsibilities related to the data processing activity ?

Describe the responsibilities of the stakeholders: the controller, the processors and the joint controllers if applicable

1.1.3. What are the applicable standards?

Indicate here which benchmarks are applicable to the data processing activity. The benchmarks are normative frameworks and are used to assist in conducting the analysis.

1.2. Description

1.2.1. What data is processed?

List the data collected and processed, indicating the retention periods, the recipients and the persons who can access them.

1.2.2. How does the data life cycle work (functional description)?

Describe the life cycle of the data here.

You may include a flow diagram as an attachment to your response.

1.2.3. What are the data media?

Detail here the medium of the data. For example, the application or software used to process the data.

2. Basic principles

2.1. Proportionality Assessment and Data Need

2.1.1. Are the purposes of the processing determined, explicit and legitimate?

Explain how the purposes of the processing are specified, explicit and legitimate.

2.1.2. What is/are the basis(s) that make your treatment lawful?

Specify the legal basis associated with your processing. For example, consent, legal obligation or legitimate interests.

2.1.3. Is the data collected adequate, relevant and limited to what is necessary for the purposes for which it is processed (data minimization)?

Explain how each piece of data is necessary to accomplish the purposes of the processing.

2.1.4. Is the data accurate and kept up to date?

Describe the measures implemented to ensure data quality.

2.1.5. What are the data retention periods?

Explain why the retention period for each data item is necessary to achieve the purposes of the processing.

2.1.6. How do you evaluate the measures implemented?

2.2. Measures to protect rights

2.2.1. How are data subjects informed about the processing (transparency)

Indicate here the modalities of information of the persons (data charter, forms...) and the content of the information.

2.2.2. If applicable, how is consent obtained from data subjects?

Indicate here how consent was obtained.

2.2.3. How can data subjects exercise their right of access and right to portability?

Indicate here how you can exercise these rights.

2.2.4. How can data subjects exercise their right to rectification and right to erasure (right to be forgotten)?

Indicate here how you can exercise these rights.

2.2.5. How can data subjects exercise their right of restriction and right of objection?

Indicate here how you can exercise these rights.

2.2.6. Are the obligations of subcontractors clearly defined and contractualized?

A subcontracting agreement must be concluded with each of the subcontractors, specifying all the elements provided for in art. 28 of the GDPR.

2.2.7. If data is transferred outside the European Union, is the data equally protected?

Indicate the country of transfer and the tool used.

2.2.8. How do you evaluate the measures implemented?

3. Risks related to data security

3.1. Security measures implemented

3.1.1. What are the specific measures implemented on the data processing activity ?

3.2. Illegitimate access to data

3.2.1. What might be the main impacts on those affected if the risk were to occur?
3.2.2. What are the main threats that could allow the risk to occur?
3.2.3. What sources of risk could they be?
3.2.4. What existing measures help address the risk?
3.2.5. How do you estimate the severity of the risk, including potential impacts and initial actions?
3.2.6. How do you estimate the likelihood of risk, including threats, sources of risk, and initial actions?

3.3. Unwanted modification of data

3.3.1. What might be the main impacts on those affected if the risk were to occur?
3.3.2. What are the main threats that could allow the risk to occur?
3.3.3. What sources of risk could they be?
3.3.4. What existing measures help address the risk?
3.3.5. How do you estimate the severity of the risk, including potential impacts and initial actions?
3.3.6. How do you estimate the likelihood of risk, including threats, sources of risk, and initial actions?

3.4. Disappearance of data

3.4.1. What might be the main impacts on those affected if the risk were to occur?
3.4.2. What are the main threats that could allow the risk to occur?
3.4.3. What sources of risk could they be?
3.4.4. What existing measures help address the risk?
3.4.5. How do you estimate the severity of the risk, including potential impacts and initial actions?
3.4.6. How do you estimate the likelihood of risk, including threats, sources of risk, and initial actions?

4. Measures envisaged to reduce risks

4.1. Measures to reduce the risk of unauthorized access

4.1.1. What measures are being considered to address the risk of illegitimate access to data?
4.1.2. Provide details of the action plan you will implement
4.1.3. How do you estimate the severity of the risk, particularly in terms of potential impacts and planned measures?
4.1.4. Comment estimez-vous la vraisemblance du risque, notamment au regard des menaces, des sources de risques et des mesures envisagées ?

4.2. Measures to reduce the risk of unwanted data modification

4.2.1. What measures are being considered to address the risk of unwanted data modification?
4.2.2. Provide details of the action plan you will implement
4.2.3. How do you estimate the severity of the risk, particularly in terms of potential impacts and planned measures?
4.2.4. How do you assess the likelihood of the risk, including the threats, sources of risk, and actions being considered?

4.3. Measures to reduce the risk of data loss

4.3.1. What measures are being considered to address the risk of data loss?
4.3.2. Provide details of the action plan you will implement
4.3.3. How do you estimate the severity of the risk, particularly in terms of potential impacts and planned measures?
4.3.4. How do you assess the likelihood of the risk, including the threats, sources of risk, and actions being considered?

5. Review and validation

5.1. Reviews of the persons concerned

5.1.1. Have you received the opinion of the persons concerned or their representatives?
5.1.2. Enter the review here

5.2. Review of the DPO

5.2.1. Did you get the opinion of the DPO?
5.2.2. Enter the review here

5.3. Validation

5.3.1. Is the validation by the data controller formalized?
5.3.2. Attach the signed analysis

The analysis must be signed by the data controller. In this case it will be the legal responsible of the organization or his representative.

Created at: 5/30/2022 7:53:24 AM

Updated on : 5/30/2022 8:20:22 AM

License : © Creative commons :
Attribution / Pas d'utilisation commerciale
CC-BY-NC Attribution Pas d'utilisation commerciale

author :
Paul-Emmanuel Bidault


Access all our audit templates

Try Dastra now to access all of our audit templates that you can customize for your organization.It's free and there's no obligation for the first 30 days (no credit card required)

Build my audit with Dastra