Guide to Data Protection Impact Assessments

Under the General Data Protection Regulation (GDPR), controllers need to undertake a Data Protection Impact Assessment (DPIA) for any processing that is ‘likely to result in a high risk to individuals’, including some specified types of processing. A DPIA describes a process designed to identify risks arising out of the processing of personal data and to minimise these risks as far and as early as possible. DPIAs are important tools for negating risk, and for demonstrating compliance with the GDPR.

Guide to Data Protection Impact Assessments: Full Guidance Note