Data Protection Impact Assessment
A formal assessment required by GDPR for data processing activities that pose a high risk to individuals' privacy rights.
What Data Protection Impact Assessment means
A Data Protection Impact Assessment (DPIA) is a systematic evaluation required by GDPR Article 35 when data processing is likely to result in high risk to individuals' rights and freedoms. In advertising, DPIAs may be required for large-scale profiling, new tracking technologies, systematic monitoring of public areas, or processing sensitive data categories. A DPIA must describe the processing operations, assess necessity and proportionality, evaluate risks to data subjects, and identify measures to mitigate those risks. For advertising operations, DPIAs are particularly relevant when implementing new tracking technologies, cross-platform data matching, or audience profiling at scale. Failure to conduct required DPIAs can result in significant GDPR fines.
Related terms
Data Protection Officer
A designated role responsible for overseeing an organization's data protection strategy and GDPR compliance.
GDPR
The General Data Protection Regulation — the EU's comprehensive data protection law governing how personal data is collected, processed, and stored.
Data Controller
The entity that determines the purposes and means of processing personal data, bearing primary responsibility under GDPR.
Consent
A user's explicit or implied permission for data collection, processing, or advertising targeting, required by privacy regulations.