The Data Protection Impact Assessment According to Article 35 GDPR
A Practitioner's Manual
According to the EU General Data Protection Regulation (GDPR), a Data Protection Impact Assessment (DPIA) must be performed whenever the processing of personal data is likely to pose a high risk to the rights and freedoms of natural persons. A Data Protection Impact Assessment is a systematic risk analysis that should be conducted before commencing data processing. Its purpose is to help data controllers identify and assess potential dangers, and select and implement suitable mitigation measures. This manual provides a concise introduction to the requirements of the GDPR relating to the Data Protection Impact Assessment and its objectives. It discusses the necessary preconditions for successfully performing a DPIA and provides a step-by-step guide to the conduct of a DPIA.