A new whitepaper titled “Guidance for DPIA Practices from EU-Funded Projects” has been published, bringing together practical experiences on Data Protection Impact Assessments (DPIAs) from eight major European research and innovation projects. This document is the result of a collaborative effort to share approaches, lessons learned, and concrete examples of how GDPR requirements can be integrated into complex technical and organisational environments.
The whitepaper includes contributions from the projects HARPOCRATES, PAROMA-MED, TRUMPET, FLUTE, ENCRYPT, ONCOVALUE, WARIFA, and TITAN. It aims to support other research teams, developers, and organisations in improving their data protection practices, fostering a privacy-by-design approach across different sectors.
HARPOCRATES contributions
In HARPOCRATES, the focus is on developing advanced cryptographic techniques to enable privacy-preserving data analysis across federated data environments. The project integrates functional encryption (FE) and hybrid homomorphic encryption (HHE) to allow encrypted data to be processed without direct decryption, supporting secure collaborative research and analysis.
The DPIA work in HARPOCRATES addresses several important challenges, including:
-
Working with sensitive health and cybersecurity data while ensuring compliance with GDPR principles.
-
Minimising risks of re-identification, even when using advanced machine learning and federated learning approaches.
-
Maintaining strong security measures, such as robust encryption, secure key management, and strict access controls.
These practices are presented in detail in the whitepaper to illustrate how technical and legal measures can be combined to enable responsible data sharing and analysis.
HARPOCRATES team involvement
From HARPOCRATES, contributions to the whitepaper were provided by Nenad Gligorić (Zentrix Lab), Mariano Martin Zamorano (Trilateral Research), and Tamás Kiss (University of Westminster). Their combined expertise in cryptography, data protection, and privacy-preserving technologies helped shape the section on HARPOCRATES and provided valuable insights for the overall document.
About the whitepaper
The whitepaper is structured to guide readers through the rationale and practical steps behind DPIAs, highlighting common elements such as risk assessment, data minimisation, and technical and organisational safeguards. It also emphasises the importance of continuous updates and active collaboration among legal, technical, and operational teams.
By offering concrete case studies and recommendations, the document aims to be a useful resource for projects and organisations looking to strengthen their data protection practices and comply with GDPR requirements effectively.
The full whitepaper is available for download on Zenodo.