← Full glossary
DPIA (data protection impact assessment)
An impact assessment required by Article 35 of the GDPR when a processing operation is likely to involve a high risk to data subjects — for example systematic monitoring, large-scale processing of sensitive data, or new technology such as facial recognition. The assessment must describe the processing, evaluate necessity and proportionality, map the risks and define mitigating measures. If the risk cannot be reduced, the data protection authority must be consulted before processing begins. The Danish DPA has published a list of operations that always require a DPIA.
Related module