At its regular session held on 06.02.2019, the Commission for Personal Data Protection adopted a list of the types of processing operations for which data protection impact assessment is required under Art. 35, par. 4 of Regulation (EU) 2016/679.
The purpose of the list is to assist the controllers in fulfilling their obligation under Art. 35, par. 1 of Regulation (EU) 2016/679 to carry out an impact assessment whenever a particular type of processing is likely to be due to a high risk to the rights and freedoms of individuals. The same is non-exhaustive and may be updated as necessary.
The list of types of processing operations for which data protection impact assessment is required is published HERE.
