The Data Protection Impact Assessment (DPIA) must be completed whenever there is a change in an existing process or service, or a new process of an information asset is introduced that is likely to involve a new use or significantly changes the way in which personal data is handled.

The DPIA is a process which assists in identifying and minimising the privacy risks. 

An effective DPIA is a tool (a risk assessment) to help identify the most effective way to comply with Data Protection obligations and meet individuals' expectations of privacy, allowing the organisation to identify and resolve any problems at an early stage, reducing the associated costs and damage which might otherwise occur.