Data Protection Impact Assessment (DPIA)
Legal basis: GDPR Arts. 35–36
PurposeWhere processing is likely to result in a high risk to rights and freedoms, the controller must carry out a prior impact assessment. We conduct and document the DPIA, with mitigation measures and, where applicable, prior consultation of the AEPD.
What it includes
- Risk screening against AEPD lists
- Full assessment and mitigation plan
- Prior consultation of the authority, if applicable
Deliverables
- Risk screening report
- DPIA report with mitigation measures
- Residual-risk decision and prior consultation
Intended forOrganisations planning high-risk processing, new digital products or AI systems.