privacy-threshold-analysis


Conducting Privacy Threshold Analysis

Overview

A Privacy Threshold Analysis (PTA) is a lightweight screening tool used to determine whether a processing activity requires a full DPIA under Art. 35. The PTA functions as a triage mechanism. It applies the nine WP248rev.01 criteria, the Art. 35(3) mandatory triggers, and national supervisory authority DPIA lists to quickly classify each processing activity into one of three categories: DPIA required, DPIA recommended, or DPIA not required. Every new processing activity, system change, or procurement of data-processing services should pass through the PTA before implementation.

PTA Quick-Screen Questionnaire

Section A: Art. 35(3) Mandatory Triggers

| Question | Yes/No | If Yes |
|---|---|---|
| A1. Does the processing involve systematic and extensive evaluation of personal aspects based on automated processing (including profiling) on which decisions are based that produce legal effects or similarly significantly affect individuals? | | DPIA mandatory — Art. 35(3)(a) |
| A2. Does the processing involve large-scale processing of special categories of data (Art. 9(1): health, biometric, genetic, racial/ethnic, political, religious, trade union, sexual orientation) or criminal conviction data (Art. 10)? | | DPIA mandatory — Art. 35(3)(b) |
| A3. Does the processing involve systematic monitoring of a publicly accessible area on a large scale (e.g., CCTV in public spaces, Wi-Fi tracking)? | | DPIA mandatory — Art. 35(3)(c) |
| A4. Does the processing appear on the national supervisory authority's DPIA required list (Art. 35(4))? | | DPIA mandatory |

If any question in Section A is answered Yes: DPIA is mandatory. Stop. Proceed to full DPIA.
