Data Protection Impact Assessment (DPIA)
"The DPIA is a process designed to assess the data-protection impacts of a project, policy, programme, product or service and, in consultation with relevant stakeholders, to ensure that remedial actions are taken as necessary to correct, avoid or minimise the potential negative impacts on the data subjects."[European Commission, Ethics and data protection, 2018]
The DPIA aims to:
- map the data privacy risks in the project;
- assess these risks; and
- define protection measures to eliminate or mitigate the risks.
In research context a DPIA may help in clarifying responsibilities in case of partners involved. By providing a structured way of thinking the DPIA helps the researcher and the institution to comply with the requirement of data protection by design.
Do you want to know more on the DPIA method?
Read the Guidance document Starting with a DPIA methodology for human subject research.
Links to more information
- When is a PIA necessary ? Youtube movie by mr Marie-José Bonthuis (in Dutch)
- Autoriteit Persoonsgegevens (Contents in Dutch, mostly)
Centrum Informatiebeveiliging en Privacybescherming (CIP) (Contents in Dutch, mostly).
Please use the tab "downloads" - Gegevensbescherming.
|Last modified:||18 July 2019 4.24 p.m.|