Add Comprehensive Ethyca DPIA (EDPIA) assessment template#7385

Draft
thabofletcher wants to merge 2 commits into main from add-comprehensive-edpia

@thabofletcher
Contributor

Summary

Adds a Comprehensive Ethyca DPIA (EDPIA) assessment template that consolidates requirements from multiple privacy frameworks into a single, de-duplicated privacy impact assessment.

Frameworks covered:

  • GDPR DPIA (Article 35, EDPB WP248 rev.01)
  • UK GDPR DPIA (ICO guidance, Age Appropriate Design Code/Children's Code)
  • California CPRA Risk Assessment (CPPA Section 7150-7153)
  • Colorado CPA DPA (C.R.S. § 6-1-1309, 4 CCR 904-3 Rules 8.04-8.09)
  • Virginia VCDPA DPA (Va. Code Ann. § 59.1-580)
  • Connecticut DPA and other US state privacy laws
  • Best Practice PIA (ISO 29134, CNIL, NIST)

Template details:

  • 57 de-duplicated questions across 15 thematic groups
  • Each question's guidance references all applicable regulatory sources
  • Fides source mappings for automated pre-population where applicable
  • Single document satisfies compliance across all covered jurisdictions

Question groups:

  1. Processing Overview (5 questions)
  2. Data Inventory (4 questions)
  3. Legal Basis and Compliance (4 questions)
  4. Data Flows and Recipients (5 questions)
  5. Data Retention (3 questions)
  6. Automated Decision-Making and Profiling (4 questions)
  7. Risk Assessment (5 questions)
  8. Risk Mitigation Measures (5 questions)
  9. Benefits vs. Risks Analysis (4 questions)
  10. Transparency and Individual Rights (3 questions)
  11. Children and Vulnerable Groups (3 questions)
  12. Contractual Safeguards (2 questions)
  13. Consultation (5 questions)
  14. Approval and Governance (3 questions)
  15. Review and Change Management (3 questions)

Test plan

  • Migration applies successfully: alembic upgrade head
  • Migration downgrades successfully: alembic downgrade -1
  • Template is created with key ethyca_comprehensive_dpia
  • 57 questions are seeded with correct group assignments
  • Questions have appropriate fides_sources mappings

🤖 Generated with Claude Code

Adds a single, de-duplicated privacy impact assessment template covering:
- GDPR DPIA (Article 35, EDPB WP248)
- UK GDPR DPIA (ICO guidance, Age Appropriate Design Code)
- California CPRA Risk Assessment (CPPA Section 7150)
- Colorado CPA DPA (C.R.S. § 6-1-1309, 4 CCR 904-3)
- Virginia VCDPA DPA (Va. Code Ann. § 59.1-580)
- Best Practice PIA (ISO 29134, CNIL, NIST)

Template includes 57 de-duplicated questions in 15 groups, with guidance
referencing all applicable frameworks for each question.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@thabofletcher thabofletcher requested a review from a team as a code owner February 12, 2026 23:16
@thabofletcher thabofletcher requested review from erosselli and removed request for a team February 12, 2026 23:16
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@greptile-apps
Contributor

greptile-apps bot commented Feb 12, 2026

Greptile Overview

Greptile Summary

This PR adds a comprehensive Ethyca DPIA (EDPIA) assessment template that consolidates privacy impact assessment requirements from multiple frameworks (GDPR, UK GDPR, CPRA, Colorado CPA, Virginia VCDPA, and best practices) into a single de-duplicated template.

Key changes:

  • Creates a new assessment template with key ethyca_comprehensive_dpia
  • Seeds 58 questions (note: PR description mentions 57, but there are actually 58) organized into 15 thematic groups
  • Each question includes guidance referencing applicable regulatory sources and Fides source mappings for automated pre-population
  • Migration follows established patterns with proper idempotency checks (verifies template doesn't exist before inserting)
  • Both upgrade and downgrade paths are implemented correctly
  • Follows the same structure as the previous privacy assessment migration (xx_2026_02_05_1500_b2c3d4e5f6g7_add_privacy_assessment_schema.py)

Minor discrepancy:
The PR description states 57 questions, but the migration contains 58 questions. This appears to be a documentation inconsistency rather than a code issue.

Confidence Score: 4/5

  • This PR is safe to merge with minimal risk, pending minor documentation fix.
  • The migration follows established patterns from the existing privacy assessment schema migration, includes proper idempotency checks to prevent duplicate insertions, and handles both upgrade and downgrade paths correctly. The data structure is well-organized with comprehensive documentation. The only issue is a minor discrepancy between the PR description (57 questions) and actual implementation (58 questions), plus a version string that uses 2024 instead of 2026.
  • No files require special attention - the implementation is straightforward and follows existing patterns.

Important Files Changed

Filename: src/fides/api/alembic/migrations/versions/xx_2026_02_12_1600_f6g7h8i9j0k1_add_comprehensive_edpia.py
Overview: Adds comprehensive EDPIA assessment template with 58 questions across 15 groups. Migration follows established patterns, includes proper idempotency checks, and handles both upgrade and downgrade paths correctly.

Last reviewed commit: 18e35d8

@greptile-apps greptile-apps bot left a comment

1 file reviewed, 1 comment

# Comprehensive EDPIA Template
EDPIA_TEMPLATE = {
"key": "ethyca_comprehensive_dpia",
"version": "EDPIA-2024-01",

Version uses "2024" but migration is dated 2026. Consider updating to EDPIA-2026-01 to match the migration year.

@thabofletcher thabofletcher marked this pull request as draft February 12, 2026 23:31
@thabofletcher thabofletcher removed the request for review from erosselli February 12, 2026 23:32
@thabofletcher thabofletcher added the "do not merge" label (Please don't merge yet, bad things will happen if you do) Feb 12, 2026