Data Protection Impact Assessment (DPIA)

Under the GDPR, there is a new general accountability obligation to show one complies with the Regulation by conducting a privacy impact assessment when ‘high risk’ processing is carried out. ‘High-risk’ processing includes:

  • systematic and extensive profiling that produces legal effects or significantly affects individuals;
  • processing sensitive personal data on a large scale; and
  • systematic monitoring of a publicly accessible area on a large scale (e.g. CCTV).


Please visit:


Article 29 Working Party has issued Guidelines on Data Protection Impact Assessments (WP 248). The European Data Protection Board endorsed the GDPR related WP29 Guidelines.