Data Protection Impact Assessments (DPIAs) help sponsors identify and address risks to participant data before a clinical trial begins. Under the UK and EU General Data Protection Regulation (GDPR), they are mandatory for high-risk personal data processing, which includes health information used in clinical research. Getting data protection right is not just a regulatory requirement but also a critical part of running an effective and trustworthy trial.