Expert Advice Community

Risk assessment and PIA for EU GDPR

Guest user Created:   Apr 12, 2017 Last commented:   Apr 12, 2017

What about PIA for the EUGDPR - will the risk assessments for ISO be useful for this?
Expert
Rhand Leal Apr 12, 2017

Answer: The main purpose of Privacy Impact Assessments (PIAs) for EU GDPR is the identification of risks to the privacy rights of individuals when processing their personal data, so proper measures can be taken to properly protect them. In this context, risk assessments based on standards like ISO 31000, and most specifically ISO 27005, fit perfectly for this purpose. In fact, by simply implementing ISO 27001, complemented by ISO 27018, you will cover most situations related to privacy risks.

These articles will provide you with further explanation about privacy and risk assessment:
- Does ISO 27001 implementation satisfy EU GDPR requirements? https://advisera.com/27001academy/blog/2016/10/17/does-iso-27001-implementation-satisfy-eu-gdpr-requirements/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
- Catalogue of threats & vulnerabilities https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/ (in this list you will find most threats and vulnerabilities that are applicable to PIA)
