Data Protection Impact Assessment

What is a DPIA?

The General Data Protection Regulation (GDPR) requires organisations to carry out a risk assessment (a DPIA) in certain circumstances. Usually, a DPIA should be carried out before you begin processing data in a new way – at the start of any major project involving the use of personal data or if you are making a significant change to an existing processing activity. A DPIA is a process which aims to identify risks arising out of the processing of personal data and to minimise those risks where possible. DPIAs are a vital tool for demonstrating compliance with data protection law and also for reducing risk of non-compliance and possible sanctions. The final outcomes should be integrated back into your project plan.

Download or view the TU Dublin Criteria for Conducting a Data Protection Impact Assessment

Download or view the TU Dublin Data Protection Impact Assessment Form

Download or view the TU Dublin Guidelines for Conducting a Data Protection Impact Assessment