Data Protection Impact Assessment (DPIA)

Under the General Data Protection Regulation (GDPR), an organization may be required to carry out a Data Protection Impact Assessment (DPIA). A DPIA is an instrument for identifying the privacy risks of a personal data processing operation in advance, so that measures can then be taken to reduce those risks. If the DPIA shows that the privacy risks are high, you can take measures to limit them.

Data Protection Impact Assessment (DPIA) mandatory?

Pursuant to the General Data Protection Regulation (GDPR), an organization may be required to perform a Data Protection Impact Assessment (DPIA). This is the case if the data processing is likely to pose a high privacy risk to the data subjects involved. If a DPIA is mandatory, the processing of personal data may only take place after the DPIA has been carried out. A DPIA is in any case mandatory if an organization:

  •   systematically and comprehensively evaluates personal aspects, including profiling;
  •   processes special categories of personal data on a large scale;
  •   monitors people systematically and on a large scale in a public area (e.g. with camera surveillance).

The risk can be determined in concrete terms on the basis of various criteria drawn up by the European privacy supervisors. 

Perform a DPIA?

Would you like to know whether your organization is obliged to carry out a DPIA? Please feel free to contact us for more information about our services or if you have any other questions in connection with the GDPR.



Specialist data protection impact assessment (DPIA)

Ask a specialist to assess whether or not you are obliged to carry out a DPIA in order to avoid fines from the Personal Data Authority.

Lawyer data protection impact assessment (DPIA)

Do you have questions about this subject? We can help you with this. Contact us without obligation!