What information should data protection impact assessment (DPIA) include? #GDPR

A DPIA should include:

A description of the processing operations and the purposes, including, where applicable, the legitimate interests pursued by the controller.

a) An assessment of the necessity and proportionality of the processing in relation to the purpose.

b) An assessment of the risks to individuals.

c) The measures in place to address risk, including security and to demonstrate that you comply.

d) A DPIA can address more than one project.

(Question and answer is taken from the ICO website)

View our GDPR page for more information