Skip to ContentSkip to Navigation
ResearchResearch Data ManagementData Protection & GDPRData Privacy Impact Assessment

Data Protection Impact Assessment (DPIA)

The DPIA process is explained briefly in this flyer
The DPIA process is explained briefly in this flyer

"The DPIA is a process designed to assess the data-protection impacts of a project, policy, programme, product or service and, in consultation with relevant stakeholders, to ensure that remedial actions are taken as necessary to correct, avoid or minimise the potential negative impacts on the data subjects."[European Commission, Ethics and data protection, 2018]

The DPIA aims to:

  • map the data privacy risks in the project;
  • assess these risks; and
  • define protection measures to eliminate or mitigate the risks.


In research context a DPIA may help in clarifying responsibilities in case of partners involved. By providing a structured way of thinking the DPIA helps the researcher and the institution to comply with the requirement of data protection by design.

Do you want to know more on the DPIA method?

Read the Guidance document Starting with a DPIA methodology for human subject research.


Links to more information

Last modified:18 July 2019 4.24 p.m.