Navigation auf


Legal Services and Data Protection

Risk and Impact Assessments

Risk Assessment (Cantonal Law)

If the processing of personal data involves special risks to the rights and freedoms of the affected persons, the project must be submitted to the Data Protection Officer for the Canton of Zurich (see § 10 IDG).

Merkblatt Vorabkontrolle der DSB des Kantons Zürich (German).

Impact Assessment (EU-GDPR)

If the European Union’s General Data Protection Regulation applies to your project, a Privacy Impact Assessment/Data Protection Impact Assessment) may be necessary (see Art. 35 EU GDPR). You can find further information at the following links:

Recommendation 01/2019 on the draft list of the European Data Protection Supervisor regarding the processing operations subject to the requirement of a data protection impact assessment (Article 39.4 of Regulation (EU) 2018/1725)

Guidelines on Data Protection Impact Assessment (DPIA) (wp248rev.01)

Website of France’s Commission Nationale de l'Informatique et des Libertés on Data Protection Impact Assessments (Français / English)