An assessment of the privacy risks of a processing activity that is likely to result in a high risk to individuals.
A Data Protection Impact Assessment is required under the GDPR when processing is likely to pose a high risk to people's rights and freedoms, for example large-scale profiling or systematic monitoring. It describes the processing, assesses necessity and proportionality, and evaluates and mitigates the risks.
If significant risk remains after mitigation, the organization must consult the supervisory authority before starting the processing.
Related frameworks
KaitoSec