No GDPR overview is complete without the DPIA. However, when it comes to the data protection impact assessment, the good news is that it is not strictly required in most cases.
This is what the English ICO has to say about it:
“Although publishing a DPIA is not a requirement of GDPR, you should actively consider the benefits of publication. As well as demonstrating compliance, publication can help engender trust and confidence. We would therefore recommend that you publish your DPIAs, were possible, removing sensitive details if necessary.”
Since the template the ICO provides is one of the best we’ve seen, we’re attaching it here directly for you to check out:
You can read the entire entry on the ICO’s (the UK’s data protection authority) topical page here.