The GDPR will introduce a specific instrument that will serve as a report card for how organizations are holding up their end of the data privacy bargain: the Data Privacy Impact Assessment (DPIA). DPIAs go beyond the current model of Privacy Impact Assessment that is supposed to result in an evaluation of how personally identifiable information is collected, used, shared and maintained.
Data Privacy Impact Assessments as defined by the EU General Data Protection Directive (GDPR) will require a wholesale rethink of how data flows and mapping are performed to support data privacy protection. Instead of survey-based estimates, DPIAs will need to be based on real insights into data context and flows.
This will require new software approaches to automate data mapping that are based on real systems data.