Strumento gratuito

Generatore DPIA + FRIA

Esegui in un'unica passata una valutazione d'impatto sulla protezione dei dati ai sensi dell'Article 35 del GDPR e la valutazione d'impatto sui diritti fondamentali ai sensi dell'Article 27 dell'EU AI Act, con un registro dei rischi condiviso, ed esporta un unico pacchetto di evidenze combinato. Interamente nel tuo browser.

Quando serve una DPIA per l'IA? Leggi la guida alla DPIA per i sistemi di IA.

Completeness: 0%

Organisation (controller / deployer)

Assessor (name / role)

Section 1

GDPR Article 35(7)(a)

DPIA — Systematic Description of the Processing

Describe the processing operations and their purposes, including any legitimate interest pursued. This is the data-protection view of the same system the FRIA assesses for fundamental-rights impact.

Controller and DPO

Purposes of the processing

Categories of personal data

Flag any special-category (Art 9) or criminal-offence (Art 10) data.

Categories of data subjects

Retention and recipients

Section 2

GDPR Article 35(7)(b)

DPIA — Necessity & Proportionality

Assess the necessity and proportionality of the processing in relation to the purposes, the lawful basis, and the safeguards. Address automated decision-making under Article 22.

Lawful basis (Article 6) and conditions

Necessity and data minimisation

Automated decision-making (Article 22)

State whether decisions are solely automated with legal/similar effect, and the Art 22(3) safeguards.

Section 3

GDPR Article 35(7)(d)

DPIA — Measures to Address the Risks

Record the measures envisaged to address the risks, the safeguards and security measures, and any DPO advice or prior consultation with the supervisory authority (Article 36).

Safeguards and security measures

DPO advice and outcome

Review date

Section 4

Article 27(1)(a)

System Description & Intended Purpose

Describe the deployer's processes in which the high-risk AI system will be used, in line with the intended purpose defined by the provider.

AI system name and version

Provider and contact

Intended purpose (as defined by the provider)

Use the purpose stated in the provider instructions for use.

Deployer process where the system is used

Operational context and environment

Section 5

Article 27(1)(b)

Duration & Frequency of Use

Describe the period of time within which, and the frequency with which, the high-risk AI system is intended to be used.

Planned deployment start date

Expected duration

Frequency of use

Volume of decisions

Geographic scope

Section 6

Article 27(1)(c)

Categories of Affected Persons

Identify the categories of natural persons and groups likely to be affected by use of the system in the specific context.

Persons subject to AI-driven decisions

Third parties indirectly affected

Vulnerable groups requiring special attention

e.g. children, elderly, persons with disabilities, minorities, non-native speakers, low digital literacy.

Section 7

Article 27(1)(d)

Specific Risks to Fundamental Rights

Identify the specific risks of harm likely to impact the affected persons, taking into account the information provided by the provider under Article 13. Record each risk in the register below.

Fundamental rights potentially at risk

Provider information relied on (Article 13)

Risk register

No risks recorded yet. Add a row for each right or interest at risk, or load the worked example above.

Section 8

Article 27(1)(e)

Human Oversight Measures

Describe how human oversight will be implemented, in accordance with the instructions for use.

Designated oversight roles

Intervention capabilities

Qualifications and training

Section 9

Article 27(1)(f)

Measures if Risks Materialise: Governance & Complaints

Describe the measures to be taken if the identified risks materialise, including internal governance arrangements and complaint mechanisms.

Technical measures

Organizational measures

Complaint and redress mechanisms

Notification to the market surveillance authority

Article 27(3): notify the authority of the FRIA results, using the AI Office template once available.

Export one combined DPIA + FRIA evidence pack. Everything stays in your browser — nothing is uploaded.

DPIA e FRIA, allineate

Gli elementi della DPIA ai sensi dell'Article 35(7) e quelli della FRIA ai sensi dell'Article 27(1) in un unico flusso — senza lavoro duplicato tra i due regimi.

Un unico record combinato

Un registro dei rischi condiviso e un'unica esportazione, così le tue evidenze in materia di protezione dei dati e di diritti fondamentali restano coerenti.

Riservato per progettazione

Tutto rimane nel tuo browser. Niente di ciò che digiti viene caricato, e la tua valutazione combinata si esporta direttamente in Markdown o JSON.

Avvertenza: Questo strumento ti aiuta a redigere una DPIA e una FRIA combinate sulla base dell'Article 35 del GDPR e dell'Article 27 dell'EU AI Act. Non costituisce consulenza legale. Verifica i tuoi obblighi con un consulente qualificato che conosca il tuo caso d'uso.