Data Protection Impact Assessment (DPIA)
A Data Protection Impact Assessment (DPIA) is a structured assessment required under UK GDPR for high‑risk processing, used to identify, evaluate, and reduce risks to individuals’ rights and freedoms before the processing begins. It records what data is processed and why, assesses necessity and proportionality, analyses risks, and documents safeguards and decisions.