GDPR Glossary

What is Data Protection Impact Assessment?

GDPR Glossary Also known as: DPIA, privacy impact assessment

A structured risk assessment you must run before high-risk processing, to identify and reduce privacy risks.

A DPIA is a process to identify and minimise the data-protection risks of a project. It is mandatory before processing that is likely to result in a high risk — for example large-scale profiling, monitoring of public areas, or special-category data at scale.

If the DPIA shows a high residual risk you cannot mitigate, you must consult the supervisory authority before going ahead (prior consultation).

In the Regulation

Related terms

Need this applied to your business?

Our data-protection lawyers turn GDPR terms into a working plan.

Get advice