Namely, controllers can be obliged to perform a data protection impact assessment (DPIA) prior to the start of data processing (Art. 35). The DPIA evaluates the risks arising from the planned processing activities. Such assessment obligation is new and did not exist before the GDPR. Geographical information plays a permanently increasing role in our society. […]