Data Protection Impact Assessments are used to identify and protect against any data protection related risks arising from a new project. Under the new GDPR these impact assessments will be mandatory for any high-risk processing projects.


  • Will allow you to make informed decisions about the acceptability of data protection risks and communicate it with the individuals affected
  • Will allow you to identify and protect against data protection risks
  • Plan implementation solutions if needed
  • Asses viability of the new project
  • Will help you demonstrate compliance with the new GDPR and avoid sanctions
  • Minimize risks of new projects
  • Giving confidence to the customers about data protection issue

When is needed?

If your organization or body collects, stores or uses personal data, the individuals whose data you are processing are exposed to risks. These risks imply either that the data is stolen or inadequately released or used by criminals or improperly used by your organization.

A Data Protection Impact Assessment describes these processes, identify the risks arising out from processing the data and minimizes the risks as early as possible.