DPIA: How to Carry Out One of the Key Principles of Accountability

  • Jules SarratEmail author
  • Raphael Brun
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11079)


New projects and initiatives are continuously and increasingly taking place in large organizations. Therefore, privacy teams are legitimately wondering if all these projects need a Data Protection Impact Assessment, and which one need to be supported in priority. And what about other projects? Generally speaking, can these GDPR compliant projects rely on the existing ecosystem? And what to do with processing activities already implemented? Many questions to which we will try to answer in this paper.


Data protection impact assessment Privacy by design WP29 criteria Processing operation sensitivity 


  1. 1.
    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016Google Scholar
  2. 2.
    Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is ‘likely to result in a high risk’ for the purposes of Regulation 2016/679 - WP 248 rev. 01Google Scholar
  3. 3.
  4. 4.

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.WavestoneParis La DéfenseFrance

Personalised recommendations