DPIA (Data Protection Impact Assessment)
DPIA is a formal assessment for minimizing the personal risk of privacy and personal data. Under the GDPR, a DPIA must be performed before starting an activity related to the processing of personal data, where privacy rights may be at risk.
In any case, the DPIA must contain the following type of information (this list is not complete):
- a description of the planned activity / the source of the risk
- the type of information to be processed
- how and why the data should be processed
- an evaluation of the need for the planned activity
- the nature of the risks
- the severity of the risks
- with whom the information would be shared and where in the world
- it would be sent
- how data is protected during shipping and storage
- security and technology to be applied to reduce risks
Ask for legal advice for more information about DPIA and your DPIA obligations.