GDPR

Data Protection Impact Assessment

Acronym : DPIA

A DPIA is a formal assessment, required for data processing likely to result in a high risk to individuals, evaluating necessity, proportionality and the measures needed to reduce that risk.

Why it matters

It forces an organization to anticipate risks to data subjects before launching a processing activity, rather than discovering them after the fact during an incident or an audit.

Concrete example

Before deploying a facial recognition video surveillance tool, a company carries out a DPIA to assess risks and mitigation measures.

Related notions

Risk assessmentHigh-risk processingData protection by design

Assess your organization's maturity on this topic

Start the diagnostic
Back to glossary