DPG Resources

Data Protection Impact Assessment (DPIA)

A Data Protection Impact Assessment (DPIA) is a way to systematically and comprehensively analyse processing and help identify and minimise data protection risks. DPIAs should consider compliance risks, but also broader risks to the rights and freedoms of individuals, including the potential for any significant social or economic disadvantage. The focus is on the potential for harm – to individuals or to society at large, whether it is physical, material or non-material. To assess the level of risk, a DPIA must consider both the likelihood and the severity of any impact on individuals.

Data protection impact assessments are required under the GDPR, but in general are a good requirement for any humanitarian technology project using data. Most EU countries have a web page with resources on how to conduct one. For reference, the one from the UK includes a document template in fill in.