# Impact analysis

This step lets you evaluate in a simple way whether your processing must be subject to a data protection impact assessment (DPIA or PIA) provided for by [Article 35 of the GDPR](https://eur-lex.europa.eu/eli/reg/2016/679/oj#d1e3546-1-1).

What is a PIA? A process to assess the necessity and proportionality of the processing and to manage the risks.

Under what conditions should I conduct a PIA? If the risks to the rights and freedoms of data subjects are high. The EDPS has clarified the scope of this requirement. Specifically, if the processing meets at least two of the following criteria, a PIA will be required:

* Evaluation/scoring
* Automatic decision with legal effect
* Systematic monitoring
* Sensitive data
* Large scale
* Cross-referencing of data
* Vulnerable persons
* Innovative use
* Transfer outside the EU
* Blocking a right/contract

The criterion of transfers outside the EU is not part of the list established by the EDPS, but it constitutes a significant risk in view of the safeguards necessary to carry out a transfer.

Sometimes, when a processing operation is particularly sensitive for the data subjects, a single criterion may be enough.

In addition, supervisory authorities publish a list of types of processing for which a PIA is mandatory and may publish a list of types of processing for which a PIA is not mandatory.

The French CNIL has published these two lists (in French), which can be accessed here:

[List of types of processing with non-mandatory PIA](https://www.cnil.fr/sites/default/files/atoms/files/liste-traitements-aipd-non-requise.pdf)

[List of types of processing with mandatory PIA](https://www.cnil.fr/sites/default/files/atoms/files/liste-traitements-aipd-requise.pdf)

Note that [Article 30 of the GDPR](https://eur-lex.europa.eu/eli/reg/2016/679/oj#d1e3265-1-1) does not require specifying whether a PIA has been performed on the processing.


