Survey on the need for a Data Protection Impact Assessment (DPA) To set up your GDPR system correctly, and determine if you need a Data Protection Officer, you need to conduct an initial survey. Email to which you want us to send you the result.The email is necessary to start the form Start quiz 1. Sector of the organization's activity Does the organization's activity belong to any of the following categories? 1.1 Health 1.2 Asset Solvency 1.3 Generation and use of Profiles 1.4 Political, union or religious activities 1.5 Telecommunications services 1.6 Insurances 1.7 Banking and financial entities 1.8 Social service activities 1.9 Advertising 1.10 Mass video surveillance (Public video surveillance, large infrastructures, shopping centers, etc.) 1.11 Other Next 2. Processing of special protection data Within the organization's activity, is special protection data such as the following processed, preserved, stored or transferred? 2.1 Data that reveals ethnic or racial origin 2.2 Data on political, religious or philosophical opinions 2.3 Union membership data (except union dues) 2.4 Genetic data (use of genetic data for any purpose) 2.5 Biometric data aimed at uniquely identifying a person 2.6 Physical or mental health data and medication consumption or prescription data 2.7 Data relating to sexual life or sexual orientation 2.8 Data relating to convictions or criminal offenses 2.9 Geolocation 2.10 High risk for the rights and freedoms of data subjects 2.11 High risk for the rights and freedoms of data subjects Next 3. Within the treatment activity Within the personal data processing activity of your organization... 3.1 Are profiles made or analyzed? No Yes 3.2 Is there massive advertising and commercial prospecting done to potential clients? No Yes 3.3 Are public network exploitation services or electronic communication services provided (internet service provider [LGT])? No Yes 3.4 Do you manage associates or members of political parties, unions, churches, religious denominations or communities, foundations and other non-profit entities, whose purpose is political, philosophical, religious or union? No Yes 3.5 Is health control or the sale of medicines managed or carried out? No Yes 3.6 Are data of people in vulnerable situations such as minors, disabled people, victims, people with social inclusion problems, etc. managed? No Yes 3.7 Are personal data processed or obtained for the purpose of tracking, controlling and monitoring natural persons and their activities? No Yes Next 4. Is personal data processed on a large scale? The concept of large scale is indeterminate, so please provide us with the following information: 4.1 How much data of natural persons does your organization store or process? Select a value 0 to 1.000 people 1.001 to 10.000 people 10.001 to 100.000 people More than 100.000 people 4.2 Please indicate the geographical scope of the personal data being processed. Select a value Local Provincial Regional National International EU countries and safe International non-EU countries not safe 4.3 Do you apply new technologies such as big data, artificial intelligence, etc. to the data or perform massive automated processing? * No Yes 4.4 Do you combine data to create individualized or univocal profiles? * No Yes 4.5 Do you combine data to create individualized or univocal profiles? Select a value Less than 3 months More than or equal to 3 months Next 5. About your organization 5.1 Is your entity a public authority or body, or a private entity that processes, stores, preserves, assigns and transfers personal data for an Administration or public body? No Yes 5.2 Your entity carries out one or more activities, either through its own means or on behalf of third parties, consisting of processing operations that require regular and systematic observation of interested parties on a large scale (geolocation, monitoring of people (e.g. supervised releases, etc.). No Yes 5.3 Does your organization process or acquire personal data consisting of a combination of different sets of personal data to create profiles and/or uniquely identify people? No Yes 5.4 Does your organization carry out predictive analysis of people's individual behavior? No Yes Next 6. After obtaining data After obtaining data and processing, the following are carried out: 6.1 Automated decision processes or not with legal effects No Yes 6.2 Credit risk assessments are carried out No Yes 6.3 The inclusion or exclusion of social benefits is carried out No Yes Next 7. In your organization In your organization... 7.1 New technologies are used that are invasive of the fundamental rights of citizens No Yes 7.2 There are several data controllers No Yes 7.3 There are complex chains of treatment managers No Yes 7.4 International transfers occur No Yes 7.3 There are data transfers No Yes Get result Evaluation result You need EIPD: You need DPO: