pia-review-cadence

Installation
SKILL.md

Managing PIA Review and Update Cadence

Overview

Art. 35(11) requires controllers to carry out a review to assess whether processing is performed in accordance with the DPIA, at least when there is a change in the risk represented by processing operations. A DPIA is not a one-time compliance exercise but a living document that must be maintained throughout the processing lifecycle. This skill establishes the governance framework for DPIA reviews, including trigger event identification, scheduled review cadence, version control, stakeholder sign-off, and DPIA register management.

Art. 35(11) Review Obligation

"Where necessary, the controller shall carry out a review to assess if processing is performed in accordance with the data protection impact assessment at least when there is a change in the risk represented by processing operations."

This means:

  1. Reviews are mandatory when risk changes
  2. The controller should proactively monitor for risk changes
  3. Regular periodic reviews are a best practice even without identified changes
  4. The DPIA must be updated to reflect the current state of processing

Review Trigger Categories

Category 1: Regulatory Triggers

Installs
11
GitHub Stars
187
First Seen
May 12, 2026
pia-review-cadence — mukul975/privacy-data-protection-skills