GDPR Glossary Also known as: DPIA, privacy impact assessment
A structured risk assessment you must run before high-risk processing, to identify and reduce privacy risks.
A DPIA is a process to identify and minimise the data-protection risks of a project. It is mandatory before processing that is likely to result in a high risk — for example large-scale profiling, monitoring of public areas, or special-category data at scale.
If the DPIA shows a high residual risk you cannot mitigate, you must consult the supervisory authority before going ahead (prior consultation).
In the Regulation
Related terms
Data protection by design and by defaultBuilding data protection into systems from the outset, and defaulting to the most privacy-friendly settings.AccountabilityThe principle that you must not only comply with the GDPR but be able to demonstrate it with records and policies.ProfilingAutomated processing that evaluates personal aspects of someone — like performance, interests, behaviour or location.
Need this applied to your business?
Our data-protection lawyers turn GDPR terms into a working plan.