The European General Data Protection Regulation (GDPR) recently came into force, which requires an obligation to conduct a Data Protection Impact Assessment (DPIA). Similar to Privacy Impact Assessments (PIAs), several details are different. Things to consider include: who needs to conduct a DPIA (these are not limited to the public sector); what is considered high risk; the purpose of the DPIA (protective measures that are intended to proactively identify and manage risks and to prevent unforeseen compliance problems); the mandatory elements of a DPIA; and the process once a DPIA is complete.
