A Data Protection Impact Assessment (DPIA) is a formal process used to identify, assess, and minimise the privacy risks associated with data processing activities. Under the GDPR, a DPIA is legally mandatory before starting any new research or project that is likely to result in a high risk to the rights and freedoms of individuals (such as large-scale monitoring or processing sensitive health data).
