What is a DPIA?
Home » The GDPR » Main Tools and Actions » Data Protection Impact Assessment (DPIA) » What is a DPIA?

A DPIA is a continuous process[1] that guides and supervises the implementation of a processing activity such that it complies with all data protection requirements and that the impact on natural persons is minimized. This process is documented in the DPIA report.

Figure 1 shows an illustration of the process provided by the Article 29 Working Party[2].

Figure 1: Generic iterative process for carrying out a DPIA according to the Article 29 Working Party.




1wp248rev.01, page 14, Section III.D.a), 3rd paragraph: “Carrying out a DPIA is a continual process, not a one-time exercise.”

2wp248rev.01, page 16, Section III.D.3), 2nd paragraph.

Skip to content