DPIA
Data Protection Impact Assessment — a systematic process to identify and minimise privacy risks in new processing activities.
Full Definition
A Data Protection Impact Assessment (DPIA) is a formal process used to identify, assess, and mitigate privacy risks before commencing processing activities that are likely to result in a high risk to individuals. Under GDPR Article 35, DPIAs are mandatory for processing that is likely to result in high risk — including large-scale processing of sensitive data, systematic monitoring, and use of new technologies. A DPIA must describe the processing, assess necessity and proportionality, identify risks to data subjects, and document measures to address those risks. If residual risks remain high, a controller must consult their supervisory authority before processing.
Related terms
Data Controller
An entity that determines the purposes and means of processing personal data.
Privacy Impact Assessment
A process to systematically identify and address privacy risks in a project, system, or business process.
Lawful Basis
A legal justification under GDPR for processing personal data — one of six bases must apply before processing can begin.