A DPIA is a written document that describes how data will be processed, for what reasons, the risks to the rights and freedoms of people whose data is processed, and the security measures to mitigate those risks. DPIAs might be required under the GDPR, CPRA, or other applicable data protection laws.