Obligations

Data protection impact assessment

Also known as: DPIA

A data protection impact assessment (DPIA) is a process designed to describe the processing, assess its necessity and proportionality, and help manage the risks to data subjects' rights and freedoms. A DPIA is required before high-risk processing commences, for example when using new technologies, processing sensitive data at scale, or systematically monitoring publicly accessible areas. Where a DPIA indicates high residual risk, the controller must consult the Office of the Information Commissioner before processing.

DPA reference

Data Protection Act 2020
