Contemporary data processing activities rarely involve a single actor acting as the controller but, rather, rely on complex inter-organizational collaborations or federations of (joint) controllers, processors, sub-processors, recipients, and third parties. However, current approaches in support of Data Protection Impact Assessment (DPIA) traditionally address data protection risks through the perspective of a single entity. As a result, the assessment of complex, inter-organizational data processing activities is scattered across multiple isolated efforts conducted by different parties. This approach leads to mismatches between the factual descriptions of data processing activities among the concerned entities, but also dilutes the argumentation related to the general principles governing the processing of personal data. In this paper, we explore and discuss the benefits and downsides of approaches that foster inter-organizational collaboration when conducting a DPIA. We distill and present the main requirements and then contrast two alternative approaches for inter-organizational and collaborative DPIA: the centralized approach versus the fully federated approach.