Data Protection Impact Assessment (DPIA)

Definition:

A DPIA is an assessment carried out prior to any processing of Personal Data which is likely to result in a high risk to the rights and freedoms of Data Subjects. The assessment should typically include: a) a description and purpose of the processing operations; b) the necessity and proportionality of the processing operations in relation to the purposes; c) an assessment of the risks to the rights and freedoms of Data Subjects; and d) the measures envisaged to address the risks.

Commentary:

Under the GDPR and other data protection laws, a DPIA is a mandatory requirement in some situations. A Privacy Impact Assessment (PIA) is a similar assessment that organisations may undertake, but is not legally mandated.

Categories: CDMC
Tags: CDMC