Data privacy impact assessment (DPIA)

ePrivacy is delighted to support and advise you in conducting a Data Protection Impact Assessment (DPIA) according to the EU General Data Protection Regulation (GDPR) for your new technologies and products. Furthermore, ePrivacy will prepare the necessary documentation as part of the DPIA process for you and align it closely with your management.


  • Efficient management of development processes: As a product developer, you benefit from being able to steer your development processes more effectively. Through a thorough Data Protection Impact Assessment (DPIA) conducted in accordance with the EU General Data Protection Regulation (GDPR), you can identify potential data protection risks early on.
  • Avoidance of post-launch adjustments in data protection: A careful DPIA saves you from costly adjustments after the launch of your product or website.
  • Prevention of data breaches and financial consequences: A thorough DPIA significantly contributes to preventing data breaches.


ePrivacy is by your side to support your Data Protection Impact Assessment (DPIA) and ensure that your new products and technologies comply with the requirements of the new data protection regulations right from the start. We actively assist you in ensuring secure handling of sensitive customer or user data, both for you and your employees. If needed, ePrivacy is ready to take full responsibility for conducting the DPIA for you. A DPIA is typically conducted at the beginning of product development and when there are changes in the operating conditions.



Risk Assessment

  • Definition of the scope and necessity of the DPIA
  • Description of data flows
  • Identification of data protection risks


  • Proposed solutions for risk mitigation
  • Assessment of compliance with legal requirements
  • Action plan

What is a DPIA?

Data privacy impact assessments (DPIAs), also called privacy impact assessments (PIAs), are a new tool for identifying the risks to which consumers are exposed through the use of new technologies and systems. These risks may compromise individuals' fundamental right to privacy and the protection of their personal data. Once the EU General Data Protection Regulation comes into force, companies will under certain circumstances be legally required to carry out a DPIA prior to the implementation of a technology or the use of a product.

Many online services and applications collect personal data to an ever greater extent. The move towards greater digitalization also means that offline processes will increasingly be supplemented or replaced by online solutions in the future, a development which will also increase the risk of personal data being insufficiently protected and thus potentially vulnerable to misuse.

Companies which process and store personal data must comply with the current requirements of data protection legislation, for example the safeguarding of the rights of affected parties. 

As a result of the adoption of the EU General Data Protection Regulation, which will have direct effect in all Member States, technology providers and system operators will be required to carry out DPIAs. To this end, it will be necessary to gauge the risks associated with new products, services and applications from a data protection perspective ahead of their launch, with a view to limiting and potentially also reducing those risks. This new procedure will serve to integrate data protection, in the sense of "privacy by design" and "privacy by default", as effectively as possible at an early stage in the development of new products and technologies.

Why is it a good idea for you to carry out a DPIA and when must a DPIA be carried out?

  • As a product developer, you will be able to better manage your development processes.
  • You avoid having to make subsequent amendments to bring the product in line with data protection regulations.
  • Data breaches and the associated subsequent financial losses and loss of reputation can be avoided.
  • Your compliance with the relevant legislation will be assured.
  • The European Commission recommends that DPIAs be carried out and the results thereof be submitted to national data protection agencies in the case of some new technologies, such as RFIDs or smart meters. ePrivacy is familiar with the requirements currently imposed by the data protection agencies in such cases.

What does a DPIA involve?

ePrivacy will assist you in carrying out the data privacy impact assessment (DPIA) and in developing your new products and technologies from the outset in compliance with the newly applicable data protection legislation. We will help you and your employees to ensure the secure handling of sensitive customer or user data. 

Where necessary, ePrivacy will also carry out the entire data privacy impact assessment (DPIA) on your behalf.

DPIAs are carried out upon the commencement of the product development phase and upon any changes to the framework conditions, and comprise the following steps:
