UNESCO Chair in Bioethics


  • Bioethics and Law Observatory
  • UNESCO Chair in Bioethics
  • University of Barcelona
  • Faculty of Law
  • Ave. Diagonal, 684
  • 08034 Barcelona
  • (+34) 93 403 45 46
  • obd.ub@ub.edu
  • Master in Bioethics and Law
  • (+34) 93 403 45 46
  • master.bd@ub.edu


Presentation of the methodology and the tool for Conducting Data Protection Impact Assessment (DPIA) for the Health Care System


During 2020 the Office of the Data Protection Officer (DPO) of the Fundació TICSALUT in collaboration with a multidisciplinary team coordinated by Dr. Itziar de Lecuona, deputy director of the Observatory of Bioethics and Law - UNESCO Chair of Bioethics at the University of Barcelona, have developed a methodology and an agile tool to carry out a DPIA in health based on the model of the Catalan Authority for Data Protection.

This proposal has been adapted to the specific needs of the health care system to evaluate personal data treatments in research and innovation processes. The results are a methodology and a tool that allows a self-assessment to detect risks in the processing of personal data and their mitigation using simple/plain language; with definitions and examples to identify the actors involved and to describe the data processing in order to measure the risks and to establish an action plan.

In short, the proposal helps the data controller and the agents involved in the decision-making process with automated suggestions and allows a detailed analysis of the life cycle of the personal data involved. The DPIA in health care includes specific sections to evaluate the use of emerging technologies such as artificial intelligence. Likewise, the tool enables to show the assessment of the entitled Data Protection Officer. 

The proposal is based in the proactive responsibility and risk assessment in the processing of personal data established by the data protection regulations since 2018 (General Data Protection Regulation). With this tool, the DPO Office contributes to the homogenization and standardization of the methodology and criteria to help the health care entities to carry out their tasks. It deepens in those aspects and particularities of the sector in a coordinated and systematized way.

Today, December 17, 2020, the DPO Office and the team coordinated by Dr. Itziar Lecuona including Ricard Mas -industrial engineer and expert consultant in operations and digital transformation- and Paula Subías -mathematician and specialist in data science applied to health- have presented the methodology and the tool through a case study to the data protection coordinators of the entities adhered to the DPO of Salut (TICSALUT). 

This tool is available in Catalan, Spanish and English: