Printer Friendly, PDF & Email

Data protection impact assessments in the EU

Robert Bond ( is Senior Counsel & Notary Public at Bristows LLP in London, UK.

A data protection impact assessment (DPIA) is usually carried out by organizations processing new personal data or deciding whether to process data in new ways or by using new technology. Many jurisdictions require the use of a DPIA, not just the European Union (EU).

The assessments are usually aimed at assisting organizations with:

  • Identifying the nature, scope, context, and purposes of the processing;

  • Assessing necessity, proportionality, and compliance measures;

  • Identifying and assessing risks to individuals and the organizations involved; and

  • Identifying measures to mitigate those risks.

This document is only available to members. Please log in or become a member.