Privacy risk assessment is a continuous improvement process. It requires several iterations to achieve an acceptable privacy protection system. It also requires monitoring changes over time (in context, controls, risks, etc.), for example every year, and updating the assessment whenever a significant change occurs.

The regulation makes it mandatory only in a number of cases; however, it is easier to tackle the regulation if you carry out a risk assessment for all of your data assets.

