On April 4, 2017, the EU Article 29 Working Party published draft Guidelines on Data Protection Impact Assessment (DPIA), with the aim of establishing common criteria, methodology, and recommendations for DPIAs under the GDPR.
DPIAs are mandatory under the EU General Data Protection Regulation (GDPR) when processing is “likely to result in a high risk”.
As with other aspects of the GDPR, non-compliance with DPIA requirements can result in fines of up to 2% of the respective group of companies’ global revenue from the preceding year.
The draft Guidelines are open for comment from the public until 23 May 2017.
Download the Guidelines on Data Protection Impact Assessment