PIA in Annex F focuses on which of the following?

PIA focuses on evaluating privacy risks of processing personal data and identifying measures to mitigate those risks. It means looking at how data is collected, used, stored, and shared, and asking whether the processing is necessary and proportionate. The goal is to uncover potential impacts on individuals’ privacy and put safeguards in place—such as limiting data collection, strengthening access controls, or adding retention limits—before the project proceeds. This helps ensure accountability and compliance with data protection requirements. The other options relate to commercial procurement, IT performance, or data collection specifics rather than assessing privacy risk and mitigation, so they don’t fit the purpose of a PIA.