FontsA A
ContrastA A
Newsletter sign-up [mc4wp_form id="1441"]

Topic: DPIAs (Data Protection Impact Assessments)

Browse resources and find out how to go about conducting Data Protection Impact Assessments

The GDPR introduces in Article 35 the Data Protection Impact Assessment (DPIA) as a mandated assessment for specific cases in which there is a high risk to freedom and the rights of data subjects. These specific cases are elaborated by the Data Protection Working Party (WP29) and the National Authority. The Data Protection Working Party identified nine criteria that should consider evaluating if a process is likely to result in a high risk for the rights and the freedom of the data subject. For European research projects, the criteria are specified in the guidance for the ethics self-assessment5. The DPIA process aims to ensure that controllers adequately address privacy and data protection risks of ‘risky’ processing operations. By providing a structured way of thinking about the risks to data subjects and how to mitigate them, DPIAs help organisations to comply with the requirement of ‘data protection by design’.  


Ask our team a question

The website was co-funded within ADOPT BBMRI-ERIC, a project that has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 676550.
We use cookies to analyse the traffic on our websites. All personal data is anonymized and not shared with third parties! Click here for more information.