Data Protection Impact Assessment
A structured analysis, required under GDPR for high-risk processing, that identifies and minimizes privacy risks before a project starts. Organizations must describe the processing, assess its necessity, and document mitigations for risks to individuals. Skipping a required DPIA is itself a GDPR violation, so it is a core tool in privacy-by-design programs.