Data Protection Impact Assessment

2 hour(s)
12 lessons
1 quiz

About topic

In this theoretical sub-module, small and medium-sized entrepreneurs (users) will be able to learn and understand:

  • in which cases they are obliged to carry out a data protection impact assessment
  • what criteria are taken into account when assessing whether the processing of personal data will result in a high risk to the rights and freedoms of individuals
  • a list of types of processing operations subject to the requirement for a data protection impact assessment
  • what the impact assessment must contain and who is responsible for carrying out the data protection impact assessment


The aim of this sub-module is to educate entrepreneurs on which processing activities are subject to the requirement for a data protection impact assessment, why it is important to conduct it in cases of high-risk processing, what steps should be taken to reduce the risk, and what negative consequences may arise if the impact assessment is not conducted or is not conducted properly

Learning outcomes

  • Identifying personal data processing activities that require a data protection impact assessment
  • Understanding the criteria taken into account when assessing which processing operations are likely to pose a risk to the rights and freedoms of individuals
  • Describing what and why a data protection impact assessment must contain

Certification information

After reviewing the video and theoretical section, the user will be able to take a quiz and answer questions to test their knowledge. The user will be presented with statements, and they can indicate whether they consider them to be true or false. Once the user answers all the quiz questions, the RESULTS section will appear with explanations for the answers to the questions. The system will generate a certificate as proof of passing the theoretical sub-module if the user achieves at least 80% correct answers.