Data Protection Impact Assessment: when is it needed?

Under article 35, the GDPR requires data controllers to conduct a data protection impact assessment (DPIA) on activities likely to pose a high-risk to the individuals, due to their nature, scope, context or purpose.