Data protection impact assessment
Private- and public-sector data controllers must carry out a data protection impact assessment (DPIA) if data processing is likely to result in a high risk to the personality or fundamental rights of the data subjects.