The Czech Data Protection Authority has drafted a “Methodological Recommendation for Legislative Data Protection Impact Assessment (DPIA)”.
The document is currently the subject of a public consultation, in which the Czech Data Protection Association, member of EFDPO, has also sent its comments.
The legislative DPIA should be according the PDA structured as follows:
1. an explanation of the purpose of the proposed processing of personal data,
2. a description of the relation to existing or forthcoming processing of personal data,
3. an assessment of the proposed processing in terms of necessity and proportionality in relation to the purpose pursued; and
4. an assessment of the risks to the rights and freedoms of natural persons; and
5. the identification of possible measures to reduce them
6. a description of the purpose of the processing of personal data
Find more information about the Czech Association for the Protection of Personal Data: www.efdpo.eu/czech-republic