The Article 29 Working Party updated its guidelines on PIAs and on evaluating risk on October 4, 2017:

Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679

CNIL created a PIA infographic to outline the main principles. Keep your eye out for these additional tools, which CNIL is currently developing to assist with the GDPR PIA requirement:

  • A PIA Guide and free software to assist in determining when a DPIA is required, and to help perform the PIA
  • A framework for conducting DPIAs on connected objects
  • A case study
  • A list of processing activities that require a DPIA and a list of those that are not subject to the DPIA requirement