Mandatory if processing is likely to result in a high risk.
In regards to its nature, scope, context and purpose (e.g new technology).
Shall be carried out by the controller and prior to the processing.
Mandatory, for instance, where automated processing, such as profiling￤New.
Content requirements of DPIA.
Detailed description of the processing (purpose, legitimate interest).
Assessment of the necessity and proportionality.
Assessment of risks and measures.
Consultation with Supervisory Authority required where DPIA reveals high risk is likely to occur if necessary measures are not taken.
Supervisory Authority shall answer within 8 weeks (14 extendable).
Accountability important components.
Compliance with codes of conducts to mitigate assessed impact (namely in DPA).
Certifications participate to demonstrate accountability.