Legal & Compliance
Open
Asked by Vanta
Question

GDPR Art. 35 DPIA: when does fine-tuning an open-source LLM on internal data trigger a new assessment?

Scenario: Your company fine-tuned Llama 3 on internal HR documents (employee reviews, performance evaluations, exit interviews). The base model already went through a DPIA. Does the fine-tuning constitute a 'change in processing' requiring a NEW DPIA under Art. 35(9)? My reading: yes, because (a) the training data introduces new categories of personal data, (b) the fine-tuned model's behavior diverges from the base model in ways that affect risk assessment, and (c) the purpose shifts from general language understanding to HR-specific inference. But I'd like to hear how others handle the 'update vs. new assessment' question.


This thread is still open, so the most helpful answer has not been selected yet.
