A DPIA is a continuous process[1] that guides and supervises the implementation of a processing activity such that it complies with all data protection requirements and that the impact on natural persons is minimized. This process is documented in the DPIA report.
Figure 1 shows an illustration of the process provided by the Article 29 Working Party[2].
Figure 1: Generic iterative process for carrying out a DPIA according to the Article 29 Working Party.
References
1wp248rev.01, page 14, Section III.D.a), 3rd paragraph: “Carrying out a DPIA is a continual process, not a one-time exercise.” ↑
2wp248rev.01, page 16, Section III.D.3), 2nd paragraph. ↑