Article 35

7 Jan 2019

The controller must carry out a Data Protection Impact Assessment (DPIA) before they starts a processing that may lead to high risk for the data subjects.

DPIA is particularly essential before any processing that involves new technology, profiling, automated decision-making that has legal effects on the individual or processing of special categories personal data or other processing that may lead to high risk for the data subjects.

The primary purpose of a DPIA is to map out the risks related to the processing that requires extra caution. So the controller also has the opportunity to implement routines and safeguards to eliminate the risks.

A DPIA is also an important measure to demonstrate accountability, following Article 5(2) of the GDPR.

Facial recognition in school fined
Glossary: Data Protection Impact Assessment
Extra sensitive data
GDPR Summary
Data Protection Impact Assessment the guide

Related Terms:

Term: Data Protection Impact Assessment
Term: Controller
Term: Processing
Term: Profiling
Term: Personal Data
Term: Article 5
Term: General Data Protection Regulation

European Essential Guarantees Recommendations

Data Protection Officer (DPO) guide

DPO conflict of interest

New SCCs from EU – the Definitive Guide

Legitimate Interest Assessment – all You Need to Know

GDPR article 49 derogations applicable to international transfers

How GDPR Affects Recruitment

Retention Policy – An overview

Follow to stay updated

most viewed

Schrems II a summary – all you need to know

What is a Personal Data Breach?

Audit Powers of the Data Protection Authority: How to Prepare

trending now

DPO conflict of interest

Schrems II a summary – all you need to know

Extra sensitive data