A DPIA is a continuous process^[1] that guides and supervises the implementation of a processing activity such that it complies with all data protection requirements and that the impact on natural persons is minimized. This process is documented in the DPIA report.

Figure 1 shows an illustration of the process provided by the Article 29 Working Party^[2].

Figure 1: Generic iterative process for carrying out a DPIA according to the Article 29 Working Party.

 

 

References

---

¹wp248rev.01, page 14, Section III.D.a), 3^rd paragraph: “Carrying out a DPIA is a continual process, not a one-time exercise.” ↑

²wp248rev.01, page 16, Section III.D.3), 2^nd paragraph. ↑