Data Protection Impact Assessment
What is a DPIA?
The General Data Protection Regulation (GDPR) requires organisations to carry out a risk assessment (a DPIA) in certain circumstances. Usually, a DPIA should be carried out before you begin processing data in a new way – at the start of any major project involving the use of personal data or if you are making a significant change to an existing processing activity. A DPIA is a process which aims to identify risks arising out of the processing of personal data and to minimise those risks where possible. DPIAs are a vital tool for demonstrating compliance with data protection law and also for reducing risk of non-compliance and possible sanctions. The final outcomes should be integrated back into your project plan.