FontsA A
ContrastA A
Newsletter sign-up [mc4wp_form id="1441"]

How to go about conducting a DPIA? 

Questions to be asked when conducting a DPIA

A DPIA must be a genuine evaluation of the risks posed to employees and outline the measures that an employer envisages taking to address them. Beyond this, there is no strict form a DPIA must take; instead what is appropriate will depend (amongst other things) upon the nature and complexity of the processing, the potential risks posed by the processing, the resources of the employer, and any further guidelines that may be put in place (for example, any guidelines related to a specific industry sector). 

In conducting a DPIA, an organisation must ask itself the following questions: 

  • What does the processing activity involve and is there a legal ground for the processing? 
  • What is the purpose of the processing? (especially in case of secondary use) what was the original purpose? 
  • Is it necessary and proportionate given the risks involved? 
  • What measures are in place to mitigate the risks? 
  • Does the processing activity comply with the GDPR in all other respects? 

Table of contents


Ask our team a question

The website was co-funded within ADOPT BBMRI-ERIC, a project that has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 676550.
We use cookies to analyse the traffic on our websites. All personal data is anonymized and not shared with third parties! Click here for more information.