DPIA is mandatory under the GDPR. We conduct, review and integrate your DPIA with audit-grade rigour.
Request DPIA Assessment Learn moreThe Data Protection Impact Assessment is the central risk management tool for personal data processing.
Set out in Article 35 of the GDPR, a DPIA is a structured process that identifies, assesses and mitigates the risks that a particular processing operation may pose to the rights and freedoms of natural persons.
It is mandatory whenever processing — by its nature, scope, context or purpose — is likely to result in a high risk to data subjects. The Portuguese DPA (CNPD) has defined 22 categories of processing that require a mandatory DPIA in Portugal.
The GDPR defines three situations where a DPIA is always mandatory, and the CNPD has added 22 specific categories for Portugal.
Systematic and extensive evaluation of personal aspects, including profiling (Art. 35(3)(a)).
Large-scale processing of special categories of data or criminal conviction data (Art. 35(3)(b)).
Systematic monitoring of a publicly accessible area on a large scale (Art. 35(3)(c)).
The obligation applies to specific processing scenarios. Learn about the most common ones.
Professional Data Protection Impact Assessment services by Audiqcer.
Turnkey service: from screening to final documentation, including DPO opinion.
Learn more →Joint GDPR + AI Act approach for organisations using AI systems.
Learn more →A structured 7-step process with audit-grade rigour and certification orientation.
Methodological rigour inherited from decades of ISO auditing and certification experience.
GDPR + AI Act + NIS2 articulation in a single, integrated and efficient approach.
Healthcare, banking, telecoms, public administration — proven transversal competence.
dpia.pt is part of Audiqcer's specialised portal ecosystem.
Fill in the form and our team will contact you within 24 business hours.