HOPEX GDPR > Assessing Processing Activities > Performing Impact Assessment (DPIA) > About DPIAs
About DPIAs
When to conduct a DPIA?
If the pre-assessment indicates that the risk is high, you (the DPO or GDPR team) must conduct a DPIA.
*For more information on pre-assessment see Performing the Pre-Assessment.
When the processing is likely to result in a high risk to the rights and freedoms of the data subjects, a DPIA is mandatory.
What is a DPIA?
A DPIA is a detailed risk assessment.
The DPIA needs to display:
the characteristics of the processing activity
the risks which may have an impact on compliance.
*For more information, see Assessing Risks.
the remediation actions ensuring the processing activity is under control
*For more information, see Recommendations and Remediation Actions.