Data Protection Impact Assessment (DPIA) mandatory?

Pursuant to the General Data Protection Regulation (GDPR), an organization may be required to perform a Data Protection Impact Assessment (DPIA). This is the case if the data processing is likely to pose a high privacy risk to the involved data subjects. If a DPIA is mandatory, the processing of personal data may only take place after the DPIA has been carried out. The performance of a DPIA is in any case mandatory in case an organization:

  •    systematically and comprehensively evaluates personal aspects, including profiling;
  •   processes special categories of personal data on a large scale;
  •   follows people on a large scale and systematically in a public area (e.g. with camera surveillance).

The risk can be determined in concrete terms on the basis of various criteria drawn up by the European privacy supervisors. 

Perform a DPIA?

Would you like to know whether your organisation is obliged to carry out a DPIA? Please feel free to contact us for more information about our services or if you have any other questions in connection with the AVG.



Specialist data protection impact assessment (dpia)

Ask a specialist to assess whether or not you are obliged to carry out a DPIA in order to avoid fines from the Personal Data Authority.
Innovation / Growth / Commitment

Lawyer data protection impact assessment (dpia)

Do you have questions about this subject? We can help you with this. Contact us without obligation!

This website uses cookies for anonymous analysis of website traffic, to measure target groups and to show you personalized advertisements.