A Data Protection Impact Assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project.

You must do a DPIA for processing that is likely to result in a high risk to individuals. This includes some specified types of processing. You can use our screening checklists to help you decide when to do a DPIA.

It is also good practice to do a DPIA for any other major project which requires the processing of personal data.