DPIA (Data Protection Impact Assessment)

DEFINITION

A GDPR document required for any business doing 'high-risk' data processing. Includes: AI-driven CV screening (AI Act from August 2026), biometric identification, location tracking, processing children's data, large-scale sensitive data. The DPIA covers: what you collect, why, how you protect, what risks, how you mitigate. Missing it = NAIH fine €8-40k for SMBs. A Hungarian data-protection consultant produces one for €500-1.3k, or 1-2 weeks of internal work.

RELATED TERMS06

Threat model→
A structured exercise that walks the system's actors, attack surface, risks, and controls. Day one of every DField project · before any code.
Penetration test (pentest)→
Manual + tooled attack simulation that reveals what an attacker could achieve. We deliver findings as PRs in your repo, not an 80-page PDF.
DevSecOps→
Security as a continuously-running CI step (SAST, DAST, SCA, IaC scan), not an annual project. Runs against every push; every sprint closes at least one security bug.
MFA (Multi-factor auth)→
Two or more factors (TOTP, WebAuthn, biometric) beyond a password. Table-stakes in SaaS today · enterprise procurement disqualifies you without it.
SOC 2→
A US audit framework for confidentiality, integrity, availability, and privacy controls. For SaaS, the Type II audit (6–12 months of observation) is the standard enterprise baseline.
ISO 27001→
International standard for Information Security Management Systems (ISMS). Often preferred in Europe instead of or alongside SOC 2. 3-year certification cycle.

MENTIONED IN THE BLOG08