A Data Protection Impact Assessment (DPIA) is required under GDPR Article 35 where processing is likely to result in high risk to individuals. This tool screens your processing and runs the assessment in your browser: transfers, AI involvement and vendor questions activate their own modules automatically, so one intake covers every connected obligation.
GDPR Article 35 requires a DPIA where processing is likely to result in a high risk to individuals — for example large-scale processing of special-category data, systematic monitoring of a public area, or automated decisions with legal or significant effects. Supervisory authorities publish lists of processing that always requires one. This tool screens your processing and, if a DPIA is warranted, runs it.
The assessment covers the elements Article 35(7) requires — a systematic description of the processing, necessity and proportionality, the risks to rights and freedoms, and the measures to address them — the same structure as the EDPB's harmonised template and supervisory-authority forms. It is a screening and drafting aid, not legal advice.
The assessment runs entirely in your browser and the full results are shown on-page, free, with no login or email required. Your answers are stored only in this browser. A free account adds saving, sharing and clean exports; free exports carry a small "Prepared with Raksa" mark.
Nothing leaves your browser unless you choose it. Answers autosave to this browser's local storage. If you use an optional AI assist, the relevant answers are sent to generate that one suggestion and are not stored on our servers or used for training.
Raksa runs DPIA, transfer, AI-risk and vendor assessments off a single common nucleus, so one intake feeds them all and teams never answer the same question twice. Explore the other assessments or the platform.