Article 35

    The controller must carry out a Data Protection Impact Assessment (DPIA) before they starts a processing that may lead to high risk for the data subjects.

    DPIA is particularly essential before any processing that involves new technology, profiling, automated decision-making that has legal effects on the individual or processing of special categories personal data or other processing that may lead to high risk for the data subjects.

    The primary purpose of a DPIA is to map out the risks related to the processing that requires extra caution. So the controller also has the opportunity to implement routines and safeguards to eliminate the risks.

    A DPIA is also an important measure to demonstrate accountability, following Article 5(2) of the GDPR.

    Advertisement

    In need of GDPR-support from a law firm?

    Get support to prepare you and your business for an audit from the DPA.

    Read more about the business law firm Sharp Cookie Advisors