Data protection impact assessment (DPIA)
DPIA: the Regulation explained
The GDPR requires controllers to implement appropriate measures to ensure and be able to
demonstrate compliance with the GDPR, taking into account, among others, “the risks of varying
likelihood and severity for the rights and freedoms of natural persons” (Article 24(1)).
The obligation for controllers to conduct a DPIA in certain circumstances should be understood against the
background of their general obligation to appropriately manage risks presented by the processing of
A “risk” is a scenario describing an event and its consequences, estimated in terms of severity and
likelihood. “Risk management”, on the other hand, can be defined as the coordinated activities to
direct and control an organization with regard to risk.
If you have any questions while using our software regarding privacy ruling, call or mail us.