Data Protection Impact Assessment

GDPR Article 35 DPIA template, pre-filled for the COHESION telemetry pipeline.

What this is

A GDPR Article 35 DPIA template covering the COHESION telemetry capture, JIS computation, and aggregation pipeline. Pre-filled so customer DPOs start from an evidence-grounded draft rather than a blank page.

Download

• DPIA template (Markdown source), live in the repo.

A PDF render is produced by the release pipeline and will be linked here once the next release tag lands (v1.1.0 tag shipped 2026-04-22, current is v1.2.0).

Sections covered

1. Processing description and context.
2. Necessity and proportionality assessment.
3. Risks to data subjects.
4. Risk rating (likelihood x impact).
5. Mitigations (technical and organizational).
6. Residual risk.
7. Sign-off block.

Important flag

REVIEW BY LEGAL COUNSEL REQUIRED BEFORE EXECUTION. Template sourced from GDPR.eu community version, adapted by the COHESION team. Not legal advice.

Why we pre-fill it

Every COHESION deployment has essentially the same data categories (behavioral telemetry, never prompt or output text), the same subprocessor set, and the same retention profile. A pre-filled DPIA saves the customer’s DPO the 10-hour research phase.

Next step

• DPA
• Data residency