To DPIA or not to DPIA

By Myles Dacres

What is a DPIA?

A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project. You must do a DPIA for processing that is likely to result in a high risk to individuals.

When the GDPR was first introduced, it caused a lot of confusion among business owners, many of whom had no idea what the document was for or when it was required.

What does the GDPR say about DPIAs?

“The risk to the rights and freedoms of natural persons, of varying likelihood and severity, may result from data processing which could lead to physical, material or non-material damage, in particular: where the processing may give rise to discrimination, identity theft or fraud, financial loss, damage to the reputation, loss of confidentiality of personal data protected by professional secrecy, unauthorised reversal of pseudonymisation, or any other significant economic or social disadvantage; where data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data…”

We must then focus on any potential harm to individuals first and foremost. The impact on society as a whole may also be a relevant risk factor.

A DPIA must assess the level of risk, and in particular whether it is ‘high risk’. The UK GDPR is clear that assessing the level of risk involves looking at both the likelihood and the severity of the potential harm.

For more information on Data Protection Impact Assessments, tune in to our podcast below, where we share our experiences of working with DPIAs and discuss how we have supported our clients to overcome common challenges.

Data Protection People host webinars every Friday lunchtime alternating between news of the week and topical conversation surrounding Data Protection. Our sessions are completely free to join and we always welcome new members to our ever-growing Data Protection community. If you would like to join our session live, please get in touch with: [email protected]

If you would like to take a look back at our previous podcasts you can find us on all audio-streaming platforms, including Spotify and Apple Music, by searching ‘Data Protection Made Easy’.
