Data protection impact assessment (DPIA)

A data protection impact assessment (DPIA) is a process that helps identify and minimize the data protection risks of processing personal data by a Data controller . A DPIA is required under GDPR before beginning a new project that is likely to involve a high risk to other people’s personal information.

When assessing the level of risk, you must consider the likelihood and potential severity of impact on individuals. The high risk could result from either a high probability of some harm or a lower possibility of serious harm.

Some examples of situations where a DPIA might be needed include:

  • Using new technologies for processing Personal data .
  • Processing personal data related to sensitive information like racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic and biometric data to identify a natural person, information concerning health or sexual orientation, etc.
  • Data processing used to make automated decisions about people that could have legal or other significant effects on them.Processing children’s data.
  • Tracking users’ location or behavior.

A DPIA must:

  • Describe the data processing’s nature, scope, context, and purposes.
  • Assess the necessity and proportionality of data processing and any compliance measures in place.
  • Identify the risks to individuals.
  • Identify any additional measures applicable to mitigate those risks.

Read more about DPIA:


  • EU-US data transfers uncertainties: How an EU-based analytics platform can improve your marketing performance

    European digital marketers are facing unprecedented levels of disruption. Increasing regulatory scrutiny and growing doubts about the legality of EU-US data transfers demand an urgent reassessment of your tech stack. In the very near future, relying on US-based analytics and consent platforms will expose your organization to operational, legal, and financial risks that can no…

  • HIPAA, marketing and advertising: How to run compliant campaigns in healthcare

    Healthcare organizations deal with tons of sensitive information concerning people’s health. It needs to be handled with proper care. In the US, safe parameters for using this kind of data in different contexts, including marketing, are set by HIPAA. Unfortunately, many companies are still unaware of the provisions of the law and the potential consequences…