Data Protection Impact Assessment

Article 35 of the GDPR provides for Data Protection Impact Assessments (DPIA). According to Article 35(1) a DPIA is required when “the processing [of data] is likely to result in a high risk to the rights and freedoms of natural persons.”

A DPIA should be carried out “prior to the processing” where a likely high risk processing is planned. data controller must choose a DPIA methodology or specify and implement a systematic DPIA process.

Source: DATA PROTECTION IMPACT ASSESSMENT

>