DPIA: Proactive Impact Assessment (Art. 35)
Do not wait for the risk to find you: the catalogue tells you which assets require a DPIA.
Framework / standard: GDPR Art. 35 · Art. 36 · ISO/IEC 38505-1 (Risk)
The worst moment to discover that a table needed an impact assessment is when there is already a breach. The second worst, when the DPO finds out by chance.
Linedat proactively detects DPIA-candidate assets from PII detection (showing sensitivity as context), and manages the assessment as a dossier with states.
From reactive to preventive
From detected PII, Linedat lists the assets that are candidates for a DPIA (showing their sensitivity level as context) before an incident occurs. The DPO sees the list in advance, not after the fact.
Workflow, DPO opinion and cadence
The DPIA follows a workflow with terminal states (draft → under review → approved / requires DPO / rejected), captures the DPO opinion and stamps the next review date in line with Art. 35(11).
The limits (what we do not claim)
It is a register that helps you decide, not a block: it does not technically prevent processing without an approved DPIA. The "review overdue" flag is read-time, with no scheduled automatic reminder.
How Linedat helps
Linedat turns the catalogue into a radar for privacy hotspots — from reactive governance to preventive, with fewer audit surprises.
Related capabilities
A RoPA that points to the real tables — not a disconnected spreadsheet.
Data Risk with 5×5 Matrix and Effectiveness VerificationA data risk is not closed by saying "already mitigated": it is closed with proven effectiveness.
FRIA: Fundamental Rights Impact AssessmentThe FRIA required by EU AI Act Art. 27, versioned and linked to the AI system — not a Word document sitting in a folder.
