Data Protection Impact Assessment (DPIA)

There is today no formal requirement to conduct a privacy impact assessment, but under the revised DPA, a provision comparable to the one in the GDPR is expected to be introduced in the DPA. It will require a formal privacy impact assessment only in high risk cases, and should a high risk remain following the measures determined, the data protection authority has to be consulted beforehand.