A
PIA (Privacy Impact Assessment) evaluates how new systems or processes collect, use, and store personal data — identifying and mitigating privacy risks before deployment.
GDPR requires DPIA (Data Protection Impact Assessment) for high-risk processing. PIAs are best practice for any new system handling personal data. Completed before deployment (not after) to influence design decisions.