Be GDPR Compliant: When and How do I need to conduct a DPIA?
The Data Protection Impact Assessment (DPIA) is a key component of the General Data Protection Regulation (GDPR), which requires an impact assessment be performed against any process that is at risk of violating the data privacy rights of data subject.
Ideally, the assessment is completed prior to implementing processes, allowing the business to mitigate any identified risks. In many cases, this mandatory document will be requested by a regulator.
The report should include data processing activities that potentially impact the rights and freedoms of data subjects.
Check out this infographic that explains article 35 of the EU Regulation n°2016/679, and determine if you need to conduct a Data Protection Impact Assessment (DPIA).