DPIA for AI Systems: A Practical Guide

·

A DPIA (data protection impact assessment) for artificial intelligence is not a description of the algorithm, nor a form filled in once the system is already live. It is a process carried out before processing begins, to demonstrate that the purpose, the data and how the system works are necessary and proportionate, to identify impacts on people, and to reduce them before deployment. The "high-risk" classification under the AI Act and "high risk" under the GDPR are not identical concepts: they must be assessed separately and coordinated when both apply.

When does an AI system need a DPIA

Article 35(1) GDPR requires a DPIA whenever processing – particularly where new technologies are involved – is likely to result in a high risk to the rights and freedoms of individuals, taking into account its nature, scope, context and purposes.

Article 35(3) lists, among other scenarios, three in particular: a systematic and extensive evaluation of personal aspects based on automated processing – including profiling – on which decisions producing legal or similarly significant effects are based; large-scale processing of special categories of data or criminal-offence data; and systematic large-scale monitoring of a publicly accessible area.

AI systems tend to accumulate several risk criteria at once: profiling, prediction, combining data sources, vulnerable individuals, sensitive data, monitoring, innovative use, large scale, or decisions affecting employment, credit, education, health or access to services. You don't need to wait for the system to be classified as "high-risk" under the AI Act: if the data processing can generate high risk under the GDPR, the DPIA is mandatory.

Conversely, not every system falling under the AI Act's high-risk categories automatically requires a DPIA. If it doesn't process personal data, the GDPR may not even apply. If it does, the controller must still carry out its own analysis under Article 35 and against the lists and criteria published by the supervisory authority.

A decision not to carry out a DPIA must also be documented. It should explain the processing analysed, the criteria considered, the safeguards already in place, the date, and who approved the conclusion.

DPIA, conformity assessment and fundamental rights impact assessment

These are related instruments, but they are not interchangeable:

AssessmentPrimary responsibilitySubject matterCore question
GDPR DPIAData controllerRisks of processing personal dataHow could this affect people, and how is the risk reduced?
AI Act conformity assessmentMainly the provider, depending on the caseCompliance of the high-risk AI systemDoes the system meet the Regulation's applicable requirements?
FRIA under Article 27 AI ActCertain deployersImpact on fundamental rightsHow does this specific use of the system affect rights in context?

Article 27 of the AI Act provides that, where the obligations of the fundamental rights impact assessment are already covered by a DPIA, the FRIA should complement it. The efficient approach is a coordinated file built on a shared inventory of system, data, people, decisions, risks and measures, keeping clear traceability of which requirement each document satisfies.

Step 1. Define the actual processing

The unit of analysis is not just the model. The entire processing operation must be described:

The same model can be embedded in very different processing operations. A classifier used to prioritise administrative documents does not carry the same risks as the same component applied to job applications.

It helps to map a flow from collection through to deletion. Each step should show the data, purpose, system, actor, location, access, output and supporting evidence. Grey areas – provider telemetry, prompt retention or use for model improvement – are findings to be resolved, not boxes you can leave blank.

Step 2. Confirm purpose, legal basis and transparency

The purpose must be specific and understandable. "Improving the service with AI" doesn't let you assess necessity or properly inform people. A better formulation is: "prioritising incoming requests to reduce assignment time, without deciding whether they are accepted."

Every operation needs a legal basis under Article 6 GDPR. Where special categories of data are involved, an exception under Article 9(2) is also required. Legitimate interest requires identifying the interest, proving necessity and balancing it against people's rights; contractual necessity covers only what is objectively required; and consent must be freely given, specific, informed and unambiguous.

The DPIA must check the information required under Articles 13 and 14 and, where relevant, the requirements on automated decision-making. The explanation doesn't need to reveal trade secrets, but it must let people understand which data influences the outcome, what the output is used for, what consequences it can have, and how to challenge it.

Step 3. Assess necessity and proportionality

Before calculating risk, you have to show that the processing is justified. For every data point, inference and function, ask:

  1. Does it demonstrably contribute to the purpose?
  2. Is there a less intrusive alternative?
  3. Does the improvement it delivers outweigh the impact on people?
  4. Can accuracy, frequency, population or retention be reduced?
  5. Can the decision be kept in the hands of a person?

A technically accurate system can still be disproportionate. Continuously capturing location data to verify a one-off action, for example, can go beyond what's necessary even if the data itself is precise.

Minimisation also applies to derived variables, logs, embeddings and explanations. Proxies that reconstruct sensitive categories must be avoided. Retention is set per purpose and per component – you don't apply the longest period to the whole system.

Step 4. Identify impacts on people

A DPIA protects rights and freedoms, not just databases. The inventory should cover:

Each scenario should be written with a cause, an event, an affected person and a consequence. "Data leak" is too generic; "a provider reuses patient conversations to improve a service, and unauthorised staff infer clinical information from them" allows you to design concrete controls.

Step 5. Assess the initial risk

The assessment combines likelihood and severity from the perspective of the individual. Severity takes into account intensity, duration, reversibility, the number of areas of life affected and vulnerability. Likelihood looks at exposure, attacker motivation, frequency, complexity and controls already in place.

Don't reduce everything to an average. An unlikely event with irreversible harm may mean the operation should be avoided altogether. It's worth recording the uncertainty and quality of the evidence behind each score: historical data, internal testing, published literature, audits, or mere estimation.

A minimum matrix should contain:

ScenarioPeople affectedLikelihoodSeverityInitial riskEvidence
False negative in screeningJob candidatesMediumHighHighStratified testing
Unauthorised access to promptsUsersMediumHighHighPermissions testing
Health status inferenceCustomersLow/mediumVery highHighVariable analysis

Step 6. Design measures tied to each risk

A generic list of "encryption and training" is not enough. Every measure should state which scenario it reduces, who owns it, the deadline, supporting evidence, the expected effectiveness and the resulting residual risk.

Data-related measures

Model-related measures

Decision-related measures

Security and vendor measures

Step 7. Consultation, DPO and approval

The DPO must provide advice where one has been appointed, but responsibility for the DPIA rests with the data controller. The business, privacy, security, technical, procurement and process-owner teams should all be involved, and, where appropriate, affected individuals or their representatives.

Consultation doesn't mean handing the decision to the vendor. The deployer knows the purpose and the context and must interrogate the vendor's documentation, metrics and limitations.

The approval decision must identify the risks accepted, their owner and the reasoning behind it. If, after the measures are applied, a high risk remains that cannot reasonably be mitigated, Article 36 requires prior consultation with the supervisory authority before processing begins.

Step 8. Review throughout the lifecycle

A DPIA doesn't end at launch. Article 35(11) requires it to be reviewed when the risk changes. For AI, the following should trigger a review:

Operational metrics should be tied back to the identified risks: false positives by group, overrides, complaints, unauthorised access, time to correction and automated decisions blocked.

A 30-day work plan

Week 1: scope

Week 2: necessity and risk

Week 3: measures and testing

Week 4: decision

Checklist for a defensible DPIA

Frequently asked questions

Does every AI system need a DPIA?

No. It's required when the processing is likely to result in high risk. The decision itself must be analysed and documented.

Does being high-risk under the AI Act automatically trigger one?

Not automatically – they are different concepts covering different scopes. But many high-risk uses process personal data intensively and will likely meet the Article 35 criteria anyway.

Can the provider carry it out?

The provider can contribute documentation and analysis, but the controller must assess its own purpose, context and risks. This responsibility cannot be delegated.

Does human review rule out Article 22 GDPR?

Only if it's genuine: the person must have the competence, information, time and authority to change the decision. Routine rubber-stamping is not enough.

What's the difference between a DPIA and a FRIA?

A DPIA focuses on the risks of processing personal data; a FRIA covers broader impacts on fundamental rights for certain high-risk AI deployments. The two should complement each other.

When do you need to consult the AEPD (Spanish DPA)?

When the DPIA shows a residual high risk that the controller cannot mitigate before processing begins, under Article 36.

At Summum Consultoría we can support the analysis, coordinate privacy, business and technology stakeholders, and review the complete DPIA file, including its coordination with AI Act compliance. A DPIA alone doesn't guarantee compliance: it turns decisions and safeguards into a verifiable process.