Robert Bond (email@example.com) is Senior Counsel & Notary Public at Bristows LLP in London, UK.
A data protection impact assessment (DPIA) is usually carried out by organizations processing new personal data or deciding whether to process data in new ways or by using new technology. Many jurisdictions require the use of a DPIA, not just the European Union (EU).
The assessments are usually aimed at assisting organizations with:
Identifying the nature, scope, context, and purposes of the processing;
Assessing necessity, proportionality, and compliance measures;
Identifying and assessing risks to individuals and the organizations involved; and
Identifying measures to mitigate those risks.