More

      Data Protection Impact Assessment

      « Back to Glossary Index

      Article 35 of the GDPR stipulates that a processor must carry out a Data Protection Impact Assessment (DPIA) before starting processing data that may lead to high risk for the data subjects. A DPIA is particularly important before processing that involves new technology, profiling, automated decision-making that has legal effects on the individual and if it involves special categories of personal data etc.

      The purpose of a DPIA is to map out the risks related to the processing and implement routines and safeguards to mitigate them. A DPIA is also an important measure to demonstrate accountability, in accordance with the article 5(2) of the GDPR.

      « Back to Glossary Index