Data Protection Impact Assessment

From Open Risk Manual


Data Protection Impact Assessment is an assessment that must be carrierd by the Data Controller of the impact of the envisaged processing operations on the protection of Personal Data when a type of processing is likely to result in a high risk to the rights and freedoms of natural persons.

This assessment has to be done prior to the processing and, in particular if using new technologies, has to take into account the nature, scope, context and purposes of the processing.

A single assessment may address a set of similar processing operations that present similar high risks, as stated in the Article 39 of Regulation 2018/1725.