The purpose of the EU GDPR Readiness Assessment is to let the company self-check its status of compliance with the main requirements of the EU GDPR. Since the questionnaire is not exhaustive, it does not provide a fully accurate overview of your company's compliance.
If the answer to all of the questions in the Assessment is "Yes," you might already be compliant with the provisions of the EU GDPR. Still, every "Yes" answer should be thoroughly documented, because under the GDPR you must be able to prove accountability and compliance, not merely assert it.
A "No" answer to any question indicates where you need to focus your compliance efforts.
A DPIA (Data Protection Impact Assessment) is a process designed to help you systematically analyze, identify and minimize the data protection risks of a specific project or plan. It is a key part of your accountability obligations under the GDPR, and when done properly it helps you assess and demonstrate how you comply with all of your data protection obligations. It does not have to eradicate all risk, but it should help you minimize risk and determine whether or not the remaining level of risk is acceptable in the circumstances, taking into account the benefits of what you want to achieve.
2. Should these be conducted simultaneously? Or, how long after the Readiness Assessment is completed should a DPIA be carried out?
As you can see, the two documents serve different purposes, so the order in which you do them is not critical. However, the EU GDPR Readiness Assessment is meant to analyze the overall compliance of the company, while a DPIA is tied to a particular project or processing activity, so it makes sense to carry out the Readiness Assessment first and then conduct a DPIA whenever a new or changed project calls for one.