Privacy Impact Assessment Score Calculator

ANA›Life Services Authority›National Calculator Authority›Privacy Impact Assessment Score Calculator

.calc-container { max-width: 640px; margin: 2rem 0; padding: 1.5rem; background: #fff; border: 1px solid #ddd; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.06); font-family: system-ui, -apple-system, sans-serif; } .calc-container h3 { font-family: Georgia, serif; font-size: 1.15rem; color: #1a1a1a; margin-bottom: 1rem; padding-bottom: 0.5rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-row { display: flex; align-items: center; gap: 0.75rem; margin-bottom: 0.75rem; flex-wrap: wrap; } .calc-row label { min-width: 160px; font-size: 0.9rem; color: #333; font-weight: 500; } .calc-row input[type="number"], .calc-row select { flex: 1; min-width: 120px; max-width: 200px; padding: 0.5rem 0.6rem; border: 1px solid #ccc; border-radius: 4px; font-size: 0.9rem; font-family: system-ui, sans-serif; color: #1a1a1a; background: #fafaf8; } .calc-row input:focus, .calc-row select:focus { outline: none; border-color: var(--ac, #3d5a80); box-shadow: 0 0 0 2px rgba(26,74,138,0.12); } .calc-row .unit { font-size: 0.82rem; color: #888; min-width: 30px; } .calc-btn { display: inline-block; margin-top: 0.5rem; padding: 0.55rem 1.5rem; background: var(--ac, #3d5a80); color: #fff; border: none; border-radius: 4px; font-size: 0.9rem; font-weight: 600; cursor: pointer; font-family: system-ui, sans-serif; } .calc-btn:hover { opacity: 0.9; } .calc-result { margin-top: 1.25rem; padding: 1rem 1.25rem; background: #f0f6fc; border-left: 3px solid var(--ac, #3d5a80); border-radius: 0 6px 6px 0; display: none; } .calc-result.visible { display: block; } .calc-result-label { font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.06em; color: #666; margin-bottom: 0.25rem; } .calc-result-value { font-size: 1.6rem; font-weight: 700; color: var(--ac, #3d5a80); } .calc-result-detail { font-size: 0.85rem; color: #555; margin-top: 0.5rem; line-height: 1.5; } .calc-note { margin-top: 1rem; font-size: 0.8rem; color: #888; font-style: italic; } .calc-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 0.75rem; margin-top: 0.75rem; } .calc-grid-item { padding: 0.6rem 0.8rem; background: #f8f9fa; border-radius: 4px; border: 1px solid #eee; } .calc-grid-item .label { font-size: 0.75rem; color: #888; text-transform: uppercase; letter-spacing: 0.04em; } .calc-grid-item .value { font-size: 1.1rem; font-weight: 600; color: #1a1a1a; } @media (max-width: 720px) { .calc-row { flex-direction: column; align-items: flex-start; gap: 0.3rem; } .calc-row label { min-width: auto; } .calc-row input[type="number"], .calc-row select { max-width: 100%; width: 100%; } .calc-grid { grid-template-columns: 1fr; } } .calc-chart { margin: 1rem 0; text-align: center; } .calc-chart svg { max-width: 100%; height: auto; } .calc-chart-legend { display: flex; flex-wrap: wrap; justify-content: center; gap: 0.6rem 1.2rem; margin-top: 0.6rem; font-size: 0.8rem; color: #555; } .calc-chart-legend span { display: inline-flex; align-items: center; gap: 0.3rem; } .calc-chart-legend i { display: inline-block; width: 10px; height: 10px; border-radius: 2px; font-style: normal; } .calc-related { max-width: 640px; margin: 2rem 0 1rem; padding: 1.25rem 1.5rem; background: #f8f9fa; border: 1px solid #e8e8e8; border-radius: 8px; } .calc-related h3 { font-family: Georgia, serif; font-size: 1rem; color: #1a1a1a; margin: 0 0 0.75rem; padding-bottom: 0.4rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-related-list { list-style: none; padding: 0; margin: 0 0 0.75rem; display: grid; grid-template-columns: 1fr 1fr; gap: 0.4rem 1.5rem; } .calc-related-list li a { font-size: 0.88rem; color: var(--ac, #3d5a80); text-decoration: none; } .calc-related-list li a:hover { text-decoration: underline; } .calc-browse-all { margin: 0.5rem 0 0; font-size: 0.9rem; font-weight: 600; } .calc-browse-all a { color: var(--ac, #3d5a80); text-decoration: none; } .calc-browse-all a:hover { text-decoration: underline; } @media (max-width: 720px) { .calc-related-list { grid-template-columns: 1fr; } }

Privacy Impact Assessment Score Calculator

Evaluate your organization's privacy risk by scoring key factors across data sensitivity, volume, processing purpose, security controls, and third-party sharing. The resulting PIA score (0–100) indicates your overall privacy risk level.

Data Sensitivity Level

Public / Non-personal data General personal data (name, email) Sensitive personal data (health, finance, location) Special category data (biometrics, race, religion, sexual orientation)

Select the highest sensitivity level of data processed.

Data Volume (number of individuals affected)

Enter the estimated number of data subjects whose data is processed.

Processing Purpose Risk

Internal operations / service delivery Marketing / analytics / profiling Automated decision-making with significant effects Surveillance / tracking / law enforcement

Select the primary purpose for which personal data is processed.

Security Controls Score (0 = none, 10 = fully implemented)

Rate your implemented security controls: encryption, access control, audit logs, incident response, etc.

Third-Party Data Sharing

No third-party sharing Sharing with trusted processors (DPA in place) Sharing with multiple third parties (some unvetted) Cross-border transfers to non-adequate countries

Select the level of third-party or cross-border data sharing involved.

Data Retention Period (months)

Enter how long personal data is retained in months.

Calculate PIA Score Your PIA score will appear here.

function priCalc() { var resultEl = document.getElementById("pri-result");

// --- Inputs --- var sensitivity = parseFloat(document.getElementById("pri-sensitivity").value); var volume = parseFloat(document.getElementById("pri-volume").value); var purpose = parseFloat(document.getElementById("pri-purpose").value); var controls = parseFloat(document.getElementById("pri-controls").value); var thirdparty = parseFloat(document.getElementById("pri-thirdparty").value); var retention = parseFloat(document.getElementById("pri-retention").value);

// --- Validation --- if (isNaN(volume) || volume Please enter a valid number of individuals (minimum 1)."; return; } if (isNaN(controls) || controls 10) { resultEl.innerHTML = "Security controls score must be between 0 and 10."; return; } if (isNaN(retention) || retention Please enter a valid retention period (minimum 1 month)."; return; }

// --- Formula Components ---

// 1. Sensitivity Score (S): scale 1–4 mapped to 0–30 var S = ((sensitivity - 1) / 3) * 30;

// 2. Volume Score (V): logarithmic scale, log10(volume) mapped to 0–20 // log10(1)=0 → 0, log10(100,000,000)=8 → 20 var logVol = Math.log10(volume); var V = Math.min((logVol / 8) * 20, 20);

// 3. Purpose Risk Score (P): scale 1–4 mapped to 0–20 var P = ((purpose - 1) / 3) * 20;

// 4. Security Control Mitigation (M): higher controls reduce risk // M = (1 - controls/10) * 15 → fully secured = 0, no controls = 15 var M = (1 - controls / 10) * 15;

// 5. Third-Party Sharing Score (T): scale 0–3 mapped to 0–10 var T = (thirdparty / 3) * 10;

// 6. Retention Score (R): log scale, log10(retention) mapped to 0–5 // log10(1)=0 → 0, log10(600)≈2.78 → 5 var logRet = Math.log10(retention); var R = Math.min((logRet / Math.log10(600)) * 5, 5);

// --- Total PIA Score (0–100) --- // PIA = S + V + P + M + T + R var PIA = S + V + P + M + T + R; PIA = Math.min(Math.max(PIA, 0), 100); var PIARounded = PIA.toFixed(1);

// --- Risk Band --- var band, bandColor, advice; if (PIA " + PIARounded + " / 100 " + "#### Risk Level: " + band + " " + "" + advice + "

" + "" + "" + "Component" + "Score" + "Max" + "" + "" + "Data Sensitivity (S)" + S.toFixed(2) + "30" + "Data Volume (V)" + V.toFixed(2) + "20" + "Processing Purpose (P)" + P.toFixed(2) + "20" + "Security Gap (M)" + M.toFixed(2) + "15" + "Third-Party Sharing (T)" + T.toFixed(2) + "10" + "Data Retention (R)" + R.toFixed(2) + "5" + "Total PIA Score" + PIARounded + "100" + "" + ""; }

#### Formula

PIA Score = S + V + P + M + T + R (capped at 100)

S (Sensitivity, 0–30): S = ((sensitivity_level − 1) / 3) × 30 | Levels: 1=Public, 2=General PII, 3=Sensitive, 4=Special Category
V (Volume, 0–20): V = min((log₁₀(individuals) / 8) × 20, 20) | Logarithmic scale; 8 = log₁₀(100,000,000)
P (Purpose Risk, 0–20): P = ((purpose_level − 1) / 3) × 20 | Levels: 1=Operations, 2=Marketing, 3=Automated Decisions, 4=Surveillance
M (Security Gap, 0–15): M = (1 − controls_score / 10) × 15 | Higher security controls reduce the score
T (Third-Party Sharing, 0–10): T = (sharing_level / 3) × 10 | Levels: 0=None, 1=Trusted, 2=Multiple, 3=Cross-border
R (Retention, 0–5): R = min((log₁₀(months) / log₁₀(600)) × 5, 5) | Logarithmic scale; 600 months = 50 years

Risk Bands: 0–24 = Low | 25–49 = Moderate | 50–74 = High | 75–100 = Very High

#### Assumptions & References

The scoring model is aligned with GDPR Article 35 (Data Protection Impact Assessment) criteria and the ICO's DPIA guidance.
Sensitivity levels follow GDPR Article 9 special category classifications and general personal data definitions under Article 4.
Security controls scoring reflects the NIST Privacy Framework and ISO/IEC 27701 control implementation maturity.
Third-party sharing risk reflects GDPR Chapter V requirements for international transfers and Article 28 processor obligations.
A score ≥ 50 (High Risk) triggers the recommendation for a formal DPIA per GDPR Article 35(1) and supervisory authority guidelines.
This calculator provides a screening-level estimate. It does not replace a full DPIA conducted by qualified privacy professionals.

Privacy Impact Assessment Score Calculator

Privacy Impact Assessment Score Calculator

More Calculators

Read Next

References

Privacy Impact Assessment Score Calculator

Privacy Impact Assessment Score Calculator

More Calculators

Read Next

References

Related Authorities