Data Protection Impact Assessment (DPIA)

Learn how to create, manage, and complete Data Protection Impact Assessments (DPIAs) in Sprinto using workflows, forms, approvals, and risk mapping.

A Data Protection Impact Assessment (DPIA) helps organisations identify, assess, and reduce privacy risks associated with processing personal data. DPIAs are commonly used to evaluate high-risk processing activities, document mitigation measures, and maintain compliance with privacy regulations.

In Sprinto, the DPIA module helps you:

  • Create and manage DPIA assessments

  • Assign owners and approvers

  • Run structured workflows

  • Collect assessment information through forms

  • Map privacy risks and mitigation actions

  • Track approvals and task progress

  • Generate DPIA reports for audit and compliance purposes

The DPIA module is available under the Data Library section.


How DPIA Works

Sprinto uses workflow-driven assessments to manage the complete DPIA lifecycle.

A typical DPIA workflow includes:

  1. Creating a DPIA assessment

  2. Assigning owners and approvers

  3. Running a workflow

  4. Completing assessment forms

  5. Mapping privacy risks

  6. Reviewing mitigation actions

  7. Completing approvals

  8. Generating reports

As workflow tasks are completed, Sprinto automatically generates the next set of tasks based on the workflow configuration.


Create a DPIA Assessment

To create a DPIA assessment:

  1. Log in to your Sprinto dashboard.

  2. Go to Data Library.

  3. Select DPIA.

  4. Click Create DPIA.

  5. Enter the following details:

    • Assessment name

    • Description (optional)

    • Department (optional)

    • Owner

    • Approver

  6. Click Create.

The new DPIA assessment appears in the assessment list with a status of Not Started.


Configure and Run a Workflow

After creating a DPIA, you must run a workflow to begin the assessment process.

To run a workflow:

  1. Open the DPIA assessment.

  2. Review the assessment overview.

  3. Select a workflow appropriate for your organisation’s process.

  4. Click Run Workflow.

Once the workflow starts, Sprinto automatically creates the first task defined by the workflow and shows it in the Tasks tab. These tasks may include:

  • Form submissions

  • User approvals

  • Risk mapping activities

  • Mitigation tasks

  • Manual review steps

  • Evidence collection tasks

Workflow progression depends on the completion of earlier tasks and configured workflow conditions.


Complete DPIA Tasks

Sprinto supports multiple task types within a DPIA workflow. Depending on the configured workflow block, users may need to complete forms, map risks, create mitigation tasks, or review approvals.

Complete a Form-Based Task

Form tasks are used to collect assessment information during the DPIA process.

To complete a form task:

  1. Open the task from the Tasks tab.

  2. Click Fill Form.

  3. Enter the required information.

  4. Use Next to move through multipart forms if applicable.

  5. Click Submit.

  6. Return to the task details panel.

  7. Click Mark task as complete.

Sprinto updates the task status after submission and automatically progresses the workflow.


Complete a Risk Mapping Task

Risk mapping tasks allow you to associate relevant risks with the DPIA assessment.

To map risks:

  1. Open the task for mapping risks.

  2. Click Add risks.

  3. Browse or search for risks from the risk register.

  4. Select the risks you want to associate with the DPIA.

  5. Click Save mapping.

  6. Return to the task details panel.

  7. Click Mark task as complete.

Mapped risks are displayed within the task for future review and reporting.

You can also modify mapped risks later by clicking Edit risks, updating the selected risks, and then clicking Save mapping again.


Complete a Mitigation Task

Mitigation tasks help teams track remediation or follow-up activities related to identified risks.

To create a mitigation task:

  1. Open the task.

  2. Click Create task.

  3. Enter the following details:

    • Task name

    • Assignee

    • Due date

    • Description

  4. Upload supporting attachments if required.

  5. Click Add task.

You can repeat this process to create multiple mitigation tasks for the DPIA assessment.

After all required mitigation tasks are added:

  1. Return to the task details panel.

  2. Click Mark task as complete.

Sprinto tracks all created mitigation tasks within the DPIA workflow.


Complete an Approval Task

Approval tasks are used to review and approve DPIA assessments before closure or report generation.

To complete an approval task:

  1. Open the approval task from the Tasks tab.

  2. Review the assessment details and previously completed workflow information.

  3. Add comments or attachments if required.

  4. Click Mark task as complete.

Approval tasks are typically assigned to designated approvers or reviewers configured in the workflow.


Add Notes and Attachments

You can add context to workflow tasks by attaching files or including completion notes.

To add supporting information:

  1. Open the relevant task.

  2. Use the attachment option to upload files.

  3. Add comments or completion notes if required.

  4. Save or submit the task.

Attachments help maintain evidence and supporting documentation for audits and internal reviews.


Review Mapped Risks

The Risks tab displays all risks mapped during the DPIA workflow.

This section helps teams:

  • Review mapped privacy and security risks.

  • Validate associated risk descriptions.

  • Track risks linked to the DPIA assessment.

  • Maintain visibility into identified exposure areas.

All risks added through the Map risks to DPIA task automatically appear in this section.


Manage DPIA Documents

The Documents tab stores all files associated with the DPIA assessment.

This includes:

  • Files uploaded during workflow tasks

  • Supporting evidence

  • External assessments

  • Signed documents

  • Additional compliance records

To manually upload a document:

  1. Open the Documents tab.

  2. Click Add document.

  3. Upload the required file.

  4. Click Add document again to confirm the upload.

Uploaded documents appear in the document list with their source information.

From this section, you can:

  • Download uploaded files

  • Delete documents

  • Review uploaded evidence associated with the DPIA


Generate and Download DPIA Reports

The Reports tab displays all reports generated for the DPIA assessment.

Generated reports include workflow information such as:

  • Assessment details

  • Form responses

  • Risk mappings

  • Mitigation activities

  • Approval history

  • Decision records

  • Supporting evidence

The Reports tab also displays:

  • Report name

  • Generation date

  • User who generated the report

To download a generated report:

  1. Open the Reports tab.

  2. Locate the required report.

  3. Click Download Report.

Reports can be used for audits, compliance reviews, and internal governance documentation.


Monitor Workflow Progress

Sprinto continuously tracks workflow execution and task progression.

The DPIA dashboard helps you monitor:

  • Assessment status

  • Task completion progress

  • Pending approvals

  • Assigned users

  • Workflow stages

  • Completed activities

Task assignees also receive email notifications for pending workflow actions and approvals.


Features

| Feature | Description |
| --- | --- |
| Workflow-driven assessments | Automate the DPIA lifecycle using configurable workflows |
| Dynamic task generation | Automatically create tasks based on workflow progression |
| Multipart forms | Collect structured assessment information across multiple stages |
| Risk mapping | Identify and document privacy risks and mitigation actions |
| Approval workflows | Configure sequential approvals and review processes |
| Role-based assignments | Assign workflow tasks to users or roles |
| Evidence management | Upload attachments and supporting documents |
| Email notifications | Notify assignees about pending tasks and approvals |
| DPIA reporting | Generate structured reports for audits and compliance |


FAQs

1. What is a DPIA?

A DPIA (Data Protection Impact Assessment) is a process used to identify and reduce privacy risks associated with processing personal data.

2. Who can create a DPIA in Sprinto?

Users with access to the DPIA module in the Data Library section can create and manage assessments.

3. Can I customise DPIA workflows?

Yes. Workflow configuration can vary based on your organisation’s internal assessment and approval processes.

4. Are approvals supported in DPIA workflows?

Yes. Sprinto supports workflow approvals assigned to users or roles.

5. Can I upload evidence or supporting documents?

Yes. You can upload attachments and add completion notes to workflow tasks.

6. Does Sprinto support multipart forms?

Yes. DPIA workflows can include multipart forms with multiple sections and steps.

7. Are email notifications sent for pending tasks?

Yes. Sprinto sends email notifications to workflow task assignees.

8. Can I generate DPIA reports?

Yes. Sprinto can generate DPIA reports containing assessment details, risks, approvals, and supporting information.


Glossary

| Term | Description |
| --- | --- |
| DPIA | Data Protection Impact Assessment used to evaluate privacy risks in data processing activities |
| Workflow | A configured sequence of tasks, approvals, and assessment steps |
| Task | An individual action assigned as part of a workflow |
| Risk Mapping | The process of identifying and associating risks with processing activities |
| Mitigation Action | A control or remediation step used to reduce identified risks |
| Approver | A user responsible for reviewing and approving workflow stages |
| Assessment Owner | The primary user responsible for managing the DPIA |
| Multipart Form | A form divided into multiple sections or steps |
| Evidence | Supporting files or documentation attached to workflow tasks |
