Data protection impact assessment (DPIA) in the Vaud public sector

A data protection impact assessment is required for processing activities likely to generate a high risk to the rights of data subjects, for example video surveillance, profiling, or automated decisions. The LPrD revision formally introduces this procedure for Vaud public bodies.

A DPIA describes the processing, assesses its necessity and proportionality, identifies the risks for data subjects, and defines measures to reduce them. It is conducted before the processing activity begins. For a public entity, the DPIA is also a governance tool: it documents the choices made and facilitates dialogue with the cantonal commissioner.

FAQ

High-risk activities, such as video surveillance, profiling, or automated individual decisions.

Useful links

Published: 17.06.2026

Updated: 17.06.2026

Canonical URL: /regulations/data-protection-impact-assessment