Data Protection Impact Assessment (DPIA)

A structured assessment required under GDPR Article 35 when data processing is likely to result in high risk to individuals' rights and freedoms. A DPIA identifies risks, evaluates necessity and proportionality, and documents mitigation measures. Required for systematic profiling, large-scale processing of sensitive data, and public area monitoring. Many organizations also conduct DPIAs for AI systems that process personal data, even when not strictly required.