Added Data Protection Impact Assessment requirement to the Procure to Pay process
This MR is to add a Data Protection Impact Assessment requirement to the Procure to Pay process.
@cciresi as discussed, I have added the DPIA requirement. Please review and approve.
@wzabaglio @jhurewitz @pmachle Tagging you for your review as this is an audited process. The inclusion of the DPIA is a GDPR requirement.
/cc @kathyw @gitlab-com/gl-security/compliance