A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project.
You must do a DPIA for processing that is likely to result in a high risk to individuals.
It is also good practice to do a DPIA for any major project which requires the processing of personal data.
Your DPIA must:
- describe the nature, scope, context and purposes of the processing;
- assess necessity, proportionality and compliance measures;
- identify and assess risks to individuals; and
- identify any additional measures to mitigate those risks.