# O3.7 Undertake data protection impact assessments and legislative reforms prior to DPI roll-out {% tabs %} {% tab title="Principle" %} [O3 Ensure data privacy by design](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/principles/operational-principles/o3-ensure-data-privacy-by-design) {% endtab %} {% tab title="Risks" %} [RS1 Privacy vulnerability](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-safety), [SV2 Weak rule of law](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/risks/risks-to-structural-vulnerabilities) {% endtab %} {% tab title="Life Cycle Stage" %} [L1 Conception and Scoping](https://safedpi.gitbook.io/safeguards/universal-dpi-safeguards-framework/responsible-authorities/r3-donor/l1-conception-and-scoping) {% endtab %} {% endtabs %} ## Practices * Conduct data protection impact assessments (DPIAs) using frameworks like GDPR or OECD guidelines to identify and mitigate privacy risks before DPI implementation. * Hold public consultations on DPIA findings, involving stakeholders such as civil society, private sector, and affected communities to gather feedback and build consensus. * Publish the DPIA results and ensure transparency by creating public reports.


	Data Protection Impact Assessment (DPIA)