A privacy impact assessment (PIA) is an essential element of effective privacy by design. It gives privacy leaders assurance that the implementation of privacy controls satisfies regulations and organizational requirements, and it is key to determining what steps must be taken to manage privacy risk for the organization. The standard ISO 29134 (Guidelines for Privacy Impact Assessment, June 2017) defines a PIA as the overall process of identifying, analyzing, evaluating, consulting, communicating, and planning the treatment of potential privacy impacts with regard to the processing of personally identifiable information (PII), framed within an organization’s broader risk management framework.