Skip to main content
All CollectionsData and SecurityGDPR
Privacy Impact Assessment
Privacy Impact Assessment

What a PIA is, and what it means for you

Laura Montgomery-Hurrell avatar
Written by Laura Montgomery-Hurrell
Updated over 4 years ago

A Privacy Data Assessment (Article 35 of the GDPR Act) is a check performed when the processing of data could result in a high risk to the rights and freedoms of a person. The data controller must conduct this impact assessment and document it before starting the data processing. The law considers the following to be some examples of a high risk of privacy violation:

  • Scoring/profiling, 

  • Automatic decisions which lead to legal consequences for those affected, 

  • Systematic monitoring, 

  • Processing of special personal data, 

  • Large-scale data processing, 

  • The merging or combining of data which was gathered by various processes, 

  • Data about incapacitated persons or those with limited ability to act, 

  • Use of newer technologies or biometric procedures, 

  • Data transfer to countries outside the EU/EEC,

  • Data processing which hinders those involved in exercising their rights. 

A PIA should be performed if data to be processed meets two or more of these criteria. If in doubt a PIA should be performed anyway. This assessment should be performed every three years.

To read more, please take a look at this website.

Related Articles
GDPR is a game changer
What can a student do in Privacy Centre?
Processing, Personal Data and Data Subjects statement
Form Compliance
How do I create a new DIY form? Step 2: Configuration
Did this answer your question?