gdpr · dpia

Pre-filled DPIA template

We fill in the architecture sections. You fill in the organisation-specific sections. Saves 20+ hours on the client side.

section b

What is a DPIA (briefly)

A Data Protection Impact Assessment is required when processing is likely to result in a high risk to the rights and freedoms of natural persons (GDPR art. 35). For Murmur deployments this is almost always relevant: we process signals that may affect individuals, groups and vulnerable populations.

section c

What you receive

A fillable PDF (~30 pages) with all architecture sections pre-filled.

What we filled in

  • Description of processing — what a Murmur platform such as UrbanStakes does, which data flows
  • Legal bases — which GDPR grounds apply
  • Technical and organisational measures — encryption, access, retention, pseudonymisation (see Trust Center)
  • Risk inventory (generic part) — typical risks and mitigations built into the platform
  • Provenance and categories of personal data — for standard deployments

What you still fill in

  • Specific use case (which theme, which sources)
  • Specific data-subject categories
  • Specific retention periods (your policy)
  • Consultation with stakeholders and DPO
  • Residual risks for your context

section d

Why we pre-fill this

A good DPIA typically takes 20 to 40 hours of internal time. The technical-architectural portion is always the same for us — we run on our own infrastructure, so we can write it down once well and share it with all clients. That saves you time and raises quality: your counsel doesn't have to figure out how our encryption works.

section e

What it isn't

  • Not a replacement for a DPIA process — we provide a template, you run the process
  • Not legal advice — for specific questions consult your DPO or an attorney
  • Not automatically valid for all use cases — you must contextualise per deployment

section f

Request the template

Turnaround We send the template within 2 business days. Paul van Heel (project lead) reviews each request personally and sends a short accompanying note.

We use this data only to send you the template and ask a single follow-up question. No newsletter. No resale.

Status: the template is in build (v1). Requests are handled manually until the definitive v1 is available.