Skip to content

Conducting a Data Protection Impact Assessment in Health Science: A Comprehensive Guide


Marcelo Corrales Compagnucci, Alan Dahi, Peter Alexander Earls Davis


This work is distributed under the Creative Commons Licence Attribution 4.0 International (CC BY 4.0).

This article provides a guide to conducting a data protection impact assessment (DPIA) for data sharing within health science research. Given the sensitivity of data in health sciences, a DPIA is vital to ensure adherence to data protection regulations and safeguard individual rights and privacy. This guide outlines the core components of a DPIA, including defining its purpose and scope, evaluating the necessity of data processing activities, gauging potential risks, and strategizing effective risk mitigation. By demystifying the DPIA process, this article empowers researchers and stakeholders to execute responsible and ethical data practices in line with the General Data Protection Regulation (GDPR) standards. Additionally, it offers practical examples, tools and resources to enhance the efficiency of conducting DPIAs in health science projects.

Marcelo Corrales Compagnucci is Associate Professor and Associate Director of the Center for Advanced Studies in Biomedical Innovation Law (CeBIL), Faculty of Law, University of Copenhagen (UCPH). For correspondence: <>. Alan Dahi is an independent researcher, German-qualified data protection lawyer, and guest lecturer in data protection at the Leibniz University Hannover. Peter Alexander Earls Davis is a postdoctoral researcher at the University of Copenhagen (UCPH).


Lx-Number Search

(e.g. A | 000123 | 01)

Export Citation