Data Protection Auditing & Privacy Impact Assessments
A key part of UK GDPR compliance is being able to demonstrate what you do with personal data, why you do it, and how you keep it safe (the accountability principle). Regular audits help you assess your current practices and identify gaps. Impact assessments help you build data protection into new projects from the start (“data protection by design and by default”, Article 25 UK GDPR).
This collection includes practical templates for three linked processes:
- Data Protection Audit (to assess your current position);
- Data Protection Impact Assessment (DPIA/PIA) (to assess risks in new or changed processing); and
- Legitimate Interests Assessment (LIA) (to help decide whether “legitimate interests” is an appropriate lawful basis).
Importantly, the templates are supported by guidance notes that explain the steps and provide background to each stage, so you can work through the process methodically.
When Should You Use These Templates?
Use this collection if you want to put a structured, repeatable process in place for:
- running a data protection “health check” across your organisation;
- deciding whether a project needs a DPIA, and documenting the risks and mitigations if it does; and/or
- recording and justifying a decision to rely on legitimate interests as a lawful basis (and checking whether the project should also trigger a DPIA).
What Templates Are Included?
Data Protection Audit
A structured audit covering UK GDPR principles and data subject rights, designed to assess practices across key compliance areas.
Data Protection Audit Guidance Notes
Step-by-step notes designed to be used alongside the Audit template, providing background explanations for each audit section.
Data Protection Impact Assessment Screening Checklist
A checklist to help you decide whether a DPIA is required (and useful even where it isn’t strictly mandatory).
Data Protection Impact Assessment
A full DPIA/PIA template to identify data flows, assess risks to individuals, and document solutions and sign-off.
Data Protection Impact Assessment Guidance Notes
Guidance explaining what a DPIA is, when it’s required, the key stages, and what to do after completing it.
Data Protection Impact Assessment (Short Form)
A more flexible DPIA template that keeps the required headings but avoids overly prescriptive question sets in every section.
Legitimate Interests Guidance Notes
Practical guidance on applying the legitimate interests basis, including purpose/necessity/balancing and how to approach it as an SME.
Legitimate Interests Assessment
A template built around the three-part legitimate interests test, with prompts and a link to DPIA screening where higher risks arise.
Why Use These Templates?
These templates are designed to help you move beyond “GDPR paperwork” and implement repeatable processes that support compliance in practice:
- Audit what you do now (and identify improvements) using an audit structured around UK GDPR principles.
- Design privacy into new projects by mapping data flows, assessing risks, choosing mitigations, and recording sign-off.
- Document key decisions (such as relying on legitimate interests), using structured tests and prompts that encourage consistent reasoning.
- Use the paired guidance notes to ensure the exercise is done properly and consistently, even if you’re not a data protection specialist.
Data Protection Auditing & Privacy Impact Assessments is part of Business. Just £38.50 + VAT provides unlimited downloads from Business for 1 year.
