DPIA

the assessment everyone says they'll do "before launch" and then launches without doing it, now legally required under GDPR Article 35 for every high-risk AI system that touches personal data.

"i asked when the DPIA was completed. they said 'we're planning to do it in Q3.' the system has been in production since Q1. of last year."
"our DPIA for the recommendation engine is four pages long and says 'risk: low' on every line. the system processes health data for 2 million users. i don't think they understood the assignment."
"the DPO signed off on the DPIA without knowing the model was retrained monthly on new customer data. the DPIA assessed the original model. which no longer exists."
Share this one
Canonical Definition

Data Protection Impact Assessment. Required under GDPR Article 35 when processing is likely to result in high risk to the rights and freedoms of natural persons. For AI systems, DPIAs must assess: automated decision-making including profiling (Art. 35(3)(a)), large-scale processing of special categories of data (Art. 35(3)(b)), and systematic monitoring of publicly accessible areas (Art. 35(3)(c)). The assessment must describe the processing, evaluate necessity and proportionality, assess risks, and identify measures to address those risks. A DPIA is not a one-time document — it must be reviewed when processing changes.

Why It Matters

The DPIA is the GDPR’s primary mechanism for proactive risk management. It forces organisations to assess the data protection impact of high-risk processing before that processing begins — not after the regulator asks why you did not. For AI systems, this is critical because the risk profile changes every time the model is retrained, the data pipeline is modified, or the system is deployed to a new use case.

Most DPIA failures in AI are not failures of intent. They are failures of scope and timing. The DPIA assesses the model at version 1.0. The model is now at version 3.7. The DPIA assessed credit scoring. The model is now also used for fraud detection. The DPIA was conducted by the privacy team. The AI team was not consulted. The result is a document that describes a system that no longer exists, governing risks that were never the actual risks.

Under the EU AI Act, high-risk AI systems deployed by public bodies or private entities providing essential services will additionally require a Fundamental Rights Impact Assessment (FRIA). The DPIA and FRIA overlap but are not substitutes. Organisations must conduct both, and the evidence must demonstrate that each was conducted with appropriate rigour and updated when material changes occurred.

The Stress Test

Your regulator asks for the DPIA for your AI-powered hiring tool. You produce a 12-page document signed off eighteen months ago. The regulator notes that the system has been retrained four times since the DPIA was completed, the training data now includes social media signals that were not in scope of the original assessment, and the system has been deployed to three additional countries whose national DPIA requirements differ from your home jurisdiction.

The regulator does not ask whether you did a DPIA. You did. The regulator asks whether the DPIA reflects the system as it currently operates. It does not. The document is not wrong. It is stale. And stale, in regulatory terms, is the same as absent.

In the Wild

Enforcement — Sweden, 2019
Swedish School Fined SEK 200K for Facial Recognition Without DPIA

A Swedish high school used facial recognition technology to monitor student attendance. The Swedish Data Protection Authority (Datainspektionen) found that the school had failed to conduct a DPIA before deploying the system, despite processing biometric data of minors — a processing operation that clearly met the Article 35(3) threshold. The school argued it had obtained consent from parents. The authority ruled that consent was not freely given due to the power imbalance between educational institutions and students, and that the absence of a DPIA was an independent violation regardless of the lawful basis question.

The school tried to solve a lawful basis problem. The regulator found a DPIA problem they had not even considered. Two violations instead of one.

Enforcement — Netherlands, 2023
Dutch Tax Authority: Algorithmic Profiling Without Adequate Impact Assessment

The Dutch childcare benefits scandal (toeslagenaffaire) revealed that the tax authority (Belastingdienst) used algorithmic risk profiling to flag fraudulent benefit claims. The system disproportionately targeted families with dual nationality. The Autoriteit Persoonsgegevens found that the risk models processed nationality and ethnicity indicators without adequate impact assessment, in violation of both GDPR non-discrimination principles and DPIA requirements. The scandal led to the resignation of the Dutch government in January 2021.

A DPIA done properly would have surfaced the discriminatory proxy variables before deployment. The assessment that was not done cost a government its mandate.

Guidance — EDPB, 2024
EDPB Guidelines on AI and DPIA Triggers

The European Data Protection Board published updated guidance confirming that virtually all AI systems processing personal data will trigger the DPIA requirement under at least one of the Article 35(3) criteria or the national supervisory authority blacklists. The guidance emphasised that DPIAs for AI must specifically address: the logic of the model, the training data provenance, the potential for discriminatory outcomes, the accuracy and error rates, and the impact of model updates on the original risk assessment. The EDPB explicitly stated that a DPIA conducted at initial deployment that is not updated when the model changes is not compliant.

The EDPB did not expand the DPIA requirement. It clarified that AI systems were always in scope. Organisations that thought otherwise were reading selectively.

How to Govern It

A DPIA is not a document. It is a living process that must track the system it governs.

Within the AI Control Index, DPIA governance operates across multiple layers and shields:

  • GRC (S1) — Evidence Factory manages DPIA lifecycle: initial assessment, periodic review triggers (model retrain, data source change, new deployment), sign-off workflows, and version control. The DPIA is an evidence artifact, and the Evidence Factory helps keep it current through periodic review triggers and version control.
  • Data (L6) — Data lineage feeds the DPIA with accurate information about what personal data enters the system, from which sources, under which lawful basis. Without data lineage, the DPIA is fiction.
  • Ethics & Fairness (L2) — Bias and fairness testing results feed the DPIA’s assessment of discriminatory impact. The DPIA asks “what is the risk?” Bias testing provides the quantitative answer.
  • Strategy (L1) — Gate controls that prevent AI systems from progressing to production without a completed, current DPIA. The gate is the enforcement mechanism that makes the DPIA requirement operational, not aspirational.
  • Observability (S4) — Runtime monitoring detects when processing characteristics drift from the DPIA’s assumptions, triggering reassessment.

When It’s Relevant

Any AI system that processes personal data where the processing is likely to result in high risk. In practice, this means virtually all AI systems that process personal data, because AI inherently involves at least one Article 35(3) trigger: automated decision-making, new technology, or large-scale processing.

A DPIA is most critical when:

  • The AI system makes or materially influences decisions about individuals
  • Processing involves special category data (health, biometrics, ethnicity, political opinions)
  • The system profiles individuals systematically or at scale
  • The model has been retrained or the data pipeline modified since the last DPIA review
  • The system is deployed in a new jurisdiction with different supervisory authority requirements

See this control in the framework. DPIA governance is operationalised across S1, L6, L2, L1, and S4 in the AI Control Index v6.0.

Open Framework →

Related Terms

References

  1. [1] European Parliament and Council of the European Union (2016) Regulation (EU) 2016/679, Article 35: Data Protection Impact Assessment. Official Journal of the European Union, L 119.
  2. [2] Article 29 Working Party (2017) Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk”. WP 248 rev.01, 4 October 2017.
  3. [3] Datainspektionen (2019) Decision regarding Skelleftea Municipality, DI-2019-2221. Swedish Data Protection Authority, August 2019.
  4. [4] Autoriteit Persoonsgegevens (2021) Belastingdienst/Toeslagen: verwerking van de nationaliteit van aanvragers van kinderopvangtoeslag. Dutch Data Protection Authority, July 2021.
  5. [5] European Data Protection Board (2024) Guidelines on the use of artificial intelligence and data protection impact assessments. EDPB, Brussels.
  6. [6] Kaminski, M.E. and Malgieri, G. (2021) ‘Algorithmic Impact Assessments under the GDPR: Producing Multi-layered Explanations’, International Data Privacy Law, 11(2), pp. 125–144. doi: 10.1093/idpl/ipaa020.
  7. [7] ICO (2023) AI and Data Protection Risk Toolkit. Information Commissioner’s Office, Wilmslow.

AI Control Index v6.0 · Glossary · June 2026 · i-DEPOT 158508 (BOIP) · CC BY-NC-ND 4.0

By Jeroen Janssen, Apparens