- Understanding the business operations, objectives and establishing the context and relevant regulatory and data privacy requirement
- Define the scope of DPIA and privacy risk scenarios
- Performing the DPIA and risk assessment
- Deliver the DPIA report considering the risk to rights and freedom of data principal
- Deliver the risk assessment report considering the impact to the data fiduciary
- Recommending the organisational and technical measures to mitigate the gaps
- DPIA and risk assessment reports will be attested by CISA