What is a Data Protection Impact Assessment (DPIA)?

A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project.
You must do a DPIA for processing that is likely to result in a high risk to individuals.

It is also good practice to do a DPIA for any major project which requires the processing of personal data.

Your DPIA must:

  • describe the nature, scope, context and purposes of the processing;
  • assess necessity, proportionality and compliance measures;
  • identify and assess risks to individuals; and
  • identify any additional measures to mitigate those risks.

Share this page