DPIA & AI Risk Profile Template

Zen AI Governance — Knowledge Base • Templates & Toolkits • Updated 20 Nov 2025 • www.zenaigovernance.com

DPIA & AI Risk Profile Template (GDPR + EU AI Act + ISO 42001)

Tags: GDPR Art. 35 DPIA • EU AI Act Art. 9–10 Risk Mgmt
Key takeaways
  • DPIA + AI Risk Profile merged into a single assessment for operational efficiency.
  • Includes GDPR legal risks and AI-specific risks (bias, drift, misuse, safety failures).
  • Templates integrate directly into risk registers, PMM dashboards, and the evidence repository.

Purpose & Scope

This template helps organisations evaluate risks associated with processing personal data in AI systems and map specific AI-related hazards. It supports GDPR DPIA requirements, EU AI Act mandatory risk management, and ISO 42001 operational risk controls.

Template Structure

The assessment contains the following sections:

  1. Project overview & lawful basis
  2. Data categories, sources & processing details
  3. Risk assessment (GDPR + AI-specific)
  4. Mitigation & residual risk
  5. DPO consultation & decision
  6. Approval and retention

Data Processing & Flows

Field | Description | Example
Data Categories | Types of personal/non-personal data processed. | User queries, log data, metadata
Sensitive Data? | Does the system process special-category data? | No (default)
Source | Where the data originates. | Web inputs, emails, chat logs
Storage | Where the data is stored. | Firestore (EU region), encrypted
Retention | How long the data is kept. | 90 days (runtime); 1 year (audit logs)
Processors | Third parties involved. | GCP, Zoho, Make.com

AI Risk Profile Sections

Each risk entry includes:

  • Risk Description — scenario statement
  • Impact & Likelihood — using the scoring model (below)
  • Controls Already in Place
  • Residual Risk
  • Evidence (EV-ID)

Category | Example Risks
Bias & Fairness | Skewed results, disproportionate outcomes.
Security | Prompt injection, model extraction, data poisoning.
Accuracy/Robustness | Drift, hallucinations, misclassifications.
Privacy | Unintended personal data use; inference attacks.
Safety | AI advice causing physical/psychological risk.
Legal/Ethical | Non-compliance with transparency, consent, rights.

Risk Scoring Model

  • Impact (1–5): Negligible → Catastrophic
  • Likelihood (1–5): Remote → Expected
  • Final Score = Impact × Likelihood
  • Rating Bands:
    • 1–5: Low (Green)
    • 6–10: Medium (Amber)
    • 11–15: High (Orange)
    • 16–25: Critical (Red)

CSV & Form Templates

Project_ID,Project_Name,Version,Owner,Lawful_Basis,Data_Categories,Sensitive_Data,Processing_Activities,Storage,Retention,AI_Risks,Impact,Likelihood,Score,Controls,Residual_Risk,Evidence_ID,DPO_Consulted,Decision,Approval_Date

Worked Examples

Project_ID: DPIA-2025-004
Project_Name: Zen AI AnswerBot v2.1
Lawful_Basis: Legitimate Interest (Art 6(1)(f))
Data_Categories: Query text, session metadata
Sensitive_Data: No
AI_Risks: Model hallucination leading to incorrect advice
Impact: 4
Likelihood: 3
Score: 12 (High)
Controls: Safe responses, fallback rules, escalation to human
Residual_Risk: Medium (8)
Evidence_ID: EV-DPIA-007
Decision: Approved with mitigation plan
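As an added illustration (not part of the Zen AI Governance template), the following Python validator applies the scoring model above to records in the CSV layout: it recomputes Score from Impact × Likelihood, checks that any written band matches the rating bands, that residual risk does not exceed the inherent score, and that an Evidence_ID is present. The sample rows are constructed: the first reproduces the worked example (the Owner value "AI Lead", Version and dates are assumed), the second is deliberately inconsistent.

```python
import csv
import re
# Rating bands and the CSV header from the template (Score = Impact x Likelihood, each 1-5).
BANDS = ((5, "Low"), (10, "Medium"), (15, "High"), (25, "Critical"))
HEADER = ("Project_ID,Project_Name,Version,Owner,Lawful_Basis,Data_Categories,Sensitive_Data,Processing_Activities,"
          "Storage,Retention,AI_Risks,Impact,Likelihood,Score,Controls,Residual_Risk,Evidence_ID,DPO_Consulted,Decision,Approval_Date")

def rating(score):  # map a 1-25 score to its band label
    if not 1 <= score <= 25:
        raise ValueError(f"score {score} outside 1-25")
    return next(label for upper, label in BANDS if score <= upper)

def parse_scored(text):  # '12 (High)', 'Medium (8)' or '12' -> (number, label or None)
    if not (m := re.fullmatch(r"\s*(?:(\d+)\s*(?:\((\w+)\))?|(\w+)\s*\((\d+)\))\s*", text)):
        raise ValueError(f"unparseable score field: {text!r}")
    return int(m.group(1) or m.group(4)), (m.group(2) or m.group(3))

def validate_row(row):
    """Return findings for one record; an empty list means the entry is internally consistent."""
    impact, likelihood = int(row["Impact"]), int(row["Likelihood"])
    if not (1 <= impact <= 5 and 1 <= likelihood <= 5):
        return ["Impact and Likelihood must each be 1-5"]
    findings = []
    score, label = parse_scored(row["Score"])
    residual, res_label = parse_scored(row["Residual_Risk"])
    if score != impact * likelihood:
        findings.append(f"Score {score} != Impact x Likelihood ({impact * likelihood})")
    for field, value, lbl in (("Score", score, label), ("Residual_Risk", residual, res_label)):
        if lbl and lbl != rating(value):  # a written band must agree with the number's band
            findings.append(f"{field} band '{lbl}' should be '{rating(value)}'")
    if residual > score:
        findings.append(f"Residual_Risk {residual} exceeds inherent Score {score}")
    if not row["Evidence_ID"].strip():
        findings.append("Evidence_ID missing: controls and residual risk are unevidenced")
    return findings

def validate_csv(text):  # -> {Project_ID: [findings]} for every record of a template CSV
    reader = csv.DictReader(text.splitlines())
    if reader.fieldnames != HEADER.split(","):
        raise ValueError("CSV header does not match the template")
    return {row["Project_ID"]: validate_row(row) for row in reader}

# Constructed sample: the page's worked example, then a deliberately inconsistent record.
SAMPLE_CSV = HEADER + "\n" + (
    'DPIA-2025-004,Zen AI AnswerBot v2.1,2.1,AI Lead,Legitimate Interest (Art 6(1)(f)),"Query text, session metadata",No,'
    'Answer generation,Firestore (EU region),90 days,Model hallucination leading to incorrect advice,4,3,12 (High),'
    '"Safe responses, fallback rules, escalation to human",Medium (8),EV-DPIA-007,Yes,Approved with mitigation plan,2025-11-20\n'
    'DPIA-2025-099,Triage Bot (constructed),1.0,AI Lead,Consent (Art 6(1)(a)),Email text,No,Ticket triage,Cloud (EU region),'
    '30 days,Prompt injection against the assistant,4,4,16 (High),Input filtering,Medium (12),,Yes,Pending,2025-11-21\n'
)
```

Running `validate_csv(SAMPLE_CSV)` returns no findings for DPIA-2025-004 and three for the constructed record (16 is Critical, not High; 12 is High, not Medium; no Evidence_ID).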

Framework Alignment

Framework | Reference | Relevance
GDPR | Art. 35 | DPIA mandatory for high-risk processing
EU AI Act | Art. 9–10 | Mandatory risk management system
ISO/IEC 42001 | §6.1 & §8 | Risk controls for the AI lifecycle
NIST AI RMF | Map + Manage | Context & risk documentation

© Zen AI Governance UK Ltd • Regulatory Knowledge • v1 20 Nov 2025 • This page is general guidance, not legal advice.
