A Data Privacy Impact Assessment must be carried out by a controller when certain conditions are met and in compliance with Article 35 of the GDPR. It provides the assurance that privacy is adequately addressed, that risky processings are acknowledged and that the controller knows how to mitigate those risks for data subjects.
According to Article 28 of the GDPR, as a processor, you must assist controllers in conducting this assessment and provide them all necessary information. This assistance must be included in your contract with controllers.