The Conference of the Supervisory Authorities of the Bund and the Lnder (Datenschutzkonferenz) has issued a guidance paper on compliance with the new requirement to conduct a data protection impact assessment (DPIA) according to Art. 35 GDPR. The conference stressed that the DPIA is not an isolated act but an ongoing process centred around four phases: preparation, execution, implementation and examination. It announced that it will issue a special paper on how to assess the risk resulting in the requirement to conduct a DPIA (threshold analysis).