Data Protection Impact Assessment

What is a Data Protection Impact Assessment?
Data Protection Impact Assessment (DPIA) is a process for building and demonstrating compliance. It is a direct consequence of the accountability principle of the General Data Privacy Regulations (GDPR). An organization is accountable for demonstrating that it has taken all of the measures necessary to ensure compliance with the GDPR.

Data controllers should see carrying out a DPIA as a useful and positive activity that aids legal compliance.

A DPIA is required whenever processing is likely to result in a high risk to the rights and freedoms of individuals.

The DPIA should be conducted BEFORE the processing and should be considered as a living tool, not merely as a one-off exercise. Where there are residual risks that can’t be mitigated by the measures put in place, the Data Protection Authority (DPA) must be consulted prior to the start of the processing.

hand and computer

DPIA Checklist and Pre-Screening Questionnaire
If a business unit/department/unit/function at Webster University is proposing to introduce a new business activity or data processing solution where the new service(s) will involve the processing of personal data, a Webster University DPIA Checklist and Pre-Screening Questionnaire will need to be completed.

As Data Controller for our employee, student and business contact data, Webster University is required to perform and document a DPIA for the University's internal processing. The DPIA is an assessment of “the necessity and proportionality of the processing” and “the impact to the rights and freedoms of individuals over the processing of their personal data.” A DPIA is also required when new technologies are introduced and when existing personal data will be used for new purposes.

Webster University Data Protection Impact Assessment Explained and the DPIA Checklist and Pre-Screening Questionnaire (requires login) can be accessed via the Office of Privacy Resources SharePoint (requires login).

Webster University business owners are required to complete the DPIA Checklist and Pre-Screening Questionnaire and submit this assessment to or 

Further GDPR and DPIA Resources: