Entity conducts Data Protection Impact Assessments periodically in order to assess the regulatory risks associated with processing of personal data