Data protection impact assessment (DPIA)

The DPIA is a way for organisations to systematically and comprehensively analyse data processing and help them to identify and minimize data protection risks. The DPAI is a certain process which has to be carried out in the cases where a type of processing, in particular when using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons. Furthermore, the assessment of data protection impact is carried out by assessing the impact of data protection for technological product, i.e. the use of hardware or software for processing of personal data.

GDPR states that organisations shall carry out DPIA if they plan to:

  • use systematic and extensive profiling with significant effects;
  • process special category or criminal offence data on a large scale; or
  • systematically monitor publicly accessible places on a large scale.

Your DPIA shall:

  • describe the nature, scope, context and purposes of the processing;
  • assess necessity, proportionality and compliance measures;
  • identify and assess risks to individuals;
  • identify any additional measures to mitigate those risks.

Benefits that DPIA brings:

  • demonstrates that your organisation complies with GDPR.
  • ensures that users are not at risk of their data protection rights being violated.
  • reduces operation costs by optimising information flows within projects and eliminates unnecessary data collection and processing.
  • reduces data protection risks within your organisation.
  • reduces cost and disruption of data protection safeguards by integrating them into project design at an early stage.

ECOVIS ProventusLaw can:

  • conduct Data Protection Impact Assessment,
  • consult when and how Data Protection Impact Assessment should be carried out,
  • prepare and/or revise procedures related to Data Protection Impact Assessment.

Loreta Andziulytė

Attorney at law, Partner of the Law Firm, Certified Data Protection Expert, Lawyer

Contact person