The first thing that an IT privacy practitioner should do before an organization migrates personal data

from an on-premise solution to a cloud-hosted solution is to perform a privacy impact assessment

(PIA). A PIA is a systematic process of identifying and evaluating the potential privacy risks and

impacts of a data processing activity or system. A PIA helps to ensure that privacy is considered and

integrated into the design and development of data processing activities or systems, and that privacy

risks are mitigated or eliminated. A PIA also helps to determine the appropriate measures to protect

personal data in a cloud-hosted solution, such as encryption, pseudonymization, anonymization,

access control, audit trail, breach notification, etc. A PIA also helps to comply with the applicable

privacy regulations and standards that govern data processing activities in a cloud-hosted

solution. Reference: : CDPSE Review Manual (Digital Version), page 99