Under Article 35 of the European Union (EU) General Data Protection Regulation (GDPR), a Data Protection Impact Assessment (DPIA) is necessary whenever a new project under development may pose a high privacy and data protection risk to individuals. A similar process was previously known as Privacy Impact Assessment (PIA). We investigate whether GDPR, and specifically DPIA as its privacy risk assessment tool, has resolved the challenges privacy practitioners previously faced in implementing PIA. Our methodology is based on comparison and thematic analysis of two sets of focus groups we held with privacy professionals, in January 2018 (four months before GDPR came into effect) and in November 2019 (18 months after GDPR implementation).