Article 35 - Data protection impact assessment

Article 35 of the GDPR requires controllers to conduct a Data Protection Impact Assessment (DPIA) when processing is likely to result in a high risk to individuals' rights and freedoms, such as systematic profiling or large-scale processing of sensitive data. The DPIA must describe the processing, assess risks, and outline measures to mitigate them.