Five critical-success factors for effective General Data Protection Regulation (GDPR) data-protection impact assessments

The best-attended sessions at recent data-privacy conferences have covered data-protection impact assessments (DPIAs), which are required by the EU’s landmark General Data Protection Regulation (GDPR). Although DPIAs are a new discipline for European companies, they have been conducted in America for over a decade under the name of privacy impact assessments (PIAs). The US experience with PIAs offers five main lessons to multinationals seeking to solidify their DPIA implementation plans:

  1. Knowing when to complete a DPIA
  2. Less is more
  3. Logical tiering trumps index scoring
  4. Embed DPIAs into the first line of defense
  5. Plan to scale with software

Contact us

Jay Cline

US Privacy Leader, Principal, PwC US

Carolyn Holcomb

Privacy Assurance Leader and ESG Partner, PwC US

Jocelyn Aqua

Principal, Cybersecurity and Privacy, PwC US
