Data Protection Impact Assessments (DPIAs) are an essential compliance tool under the GDPR. DPIAs are mandatory in most cases when designing or modifying a process that involves PII of data subject. They support the concept of Privacy by Design and Default. They are crucial in showing the Supervisory Authority that a business has done everything it can to ensure that data is processed in accordance with the law.
Objectives of DPIA
To identify risks to PII and thus minimise or prevent: