In relation to the new General Data Protection Regulation (GDPR), it is necessary to perform a Risk Analysis to verify the level of risk and, in case of high risk, the GDPR itself requires the performance of a Data Protection Impact Assessment (DPA).

There are some types of processing defined in articles of the GDPR that require (by default) a PIDD: mass processing of data for profiling, large-scale processing of special categories of data (sexual orientation, trade union membership, genetic data, religious convictions, biometric data that uniquely define a person, health data, etc.) or systematic observation of a publicly accessible area.

PILAR helps to analyse the risks arising from personal data protection impact analysis, addressing in particular the risks of on rights and freedoms, and the measures defined to address those risks.

A process of continuous improvement is envisaged in which the essential assets are data processing.