====== Data Protection Impact Assessment ======

A Data Protection Impact Assessment (DPIA) is required under the GDPR any time you begin a new project that is likely to involve “a high risk” to other people's personal information. Data and systems are classified as High Risk if: Protection of the data is required by law/regulation, in any processing of genetic data, any processing of biometric data, processing involving the use of innovative technologies, or the novel application of existing technologies (including AI), and when combining, comparing or matching personal data obtained from multiple sources.

A DPIA is mandatory at the start of a new project(you will not need a full DPIA if your project is REK(IRB) approved. 

[[https://forskerstotte.no/home/rek-prosjekter/Formalisering/20587]]


[[https://www.datatilsynet.no/rettigheter-og-plikter/virksomhetenes-plikter/vurdere-personvernkonsekvenser/vurdering-av-personvernkonsekvenser/hvordan-gjennomfore-en-dpia/]]