How to document the decision not to do a DPIA (so it’s audit-proof)
In the world of GDPR compliance, we spend a lot of energy discussing how to conduct a Data Protection Impact Assessment (DPIA). But there is a scenario that happens far more often: The decision that a project does not need one.
This is a dangerous blind spot for many organizations.