Given that Developonia supervisory authority hasn’t drafted guidance on how to conduct a DPIA, and following the advice of the DPO, the developers perform the DPIA using the guidance from the Article 29 Working Party, as endorsed by the EDPB, and the template provided by the French Supervisory Authority[1]. The result of the DPIA shows that all the risks for the rights and freedoms of data subjects are mitigated to an acceptable level, which is never high for all the identified risks.
The result of the DPIA is stored in the repository for supporting documentation.
References
1Commision Nationale Informatique & Libertés, ‘Privacy Impact Assessment (PIA). Templates’. ↑