DPIA (Data Protection Impact Assessment)

A Data Protection Impact Assessment (DPIA) is a process designed to help organizations systematically analyze, identify, and minimize data protection risks of a project or processing activity. Under GDPR (Article 35), DPIAs are mandatory when processing is likely to result in a high risk to individuals' rights and freedoms. This includes: systematic and extensive profiling, large-scale processing of special category data, and large-scale systematic monitoring of public areas. A DPIA should describe the processing operations, assess the necessity and proportionality, evaluate risks to individuals, and identify measures to mitigate those risks. Organizations should conduct DPIAs before beginning the processing activity.