Legal · DPIA template

Data Protection Impact Assessment template

Last updated · May 2026

Mindora maintains a DPIA template aligned with GDPR Article 35, the AEPD’s Guía sobre el uso de videocámaras para seguridad y otras finalidades, and the EU AI Act high-risk Title III obligations applicable to behavior monitoring in retail, public space, and elderly-care contexts. The template is offered to customers and partners under DPA and is provided as an aid — final responsibility as data controller stays with the deploying organization.

Available on requestThe current template is delivered under NDA during commercial engagements. We are working on a public, redacted version. To request the live template, email contact@mindoratechnologies.com with your organization name, sector, and intended deployment scale.

What the template covers

Purpose and lawful basis (GDPR Articles 6 and, where applicable, 9).
Necessity and proportionality test — including alternatives considered.
Data flows: capture, on-device processing, alert payload, retention, deletion.
Information to data subjects (signage, layered notice, AEPD model poster).
Rights of data subjects (Articles 15–22), including the Article 21 right to object to behavior detection.
Risks: re-identification, false positives, automated decision-making, children/vulnerable subjects.
Mitigations (edge-only architecture, skeleton-only modes, role-based access, audit logs).
Residual risk and consultation thresholds with the AEPD.

Why edge-only matters in the DPIA

Mindora’s products process video on-device. Raw video does not leave the customer’s premises by default. This collapses several risk categories of a typical cloud-AI DPIA — international transfers, third-party sub-processors handling video, and cross-customer model leakage.