The EDPB establishes common criteria for Data Protection Impact Assessment lists drafted by national supervisory authorities
On September 26th, 2018, the European Data Protection Board (“EDPB”) adopted Opinions on the draft lists, submitted by the respective national supervisory authorities, on the processing operations subject to the requirement of a data protection impact assessment (“DPIA”). The Opinions which result from the obligation for supervisory authorities to establish a list of the kind of processing operations that should be subject to a DPIA (Article 35(4) GDPR) and the consistency mechanism provided for by Articles 35(6) and 64(1)(a) GDPR, are in line with previous Article 29 Working Party (“WP29”) Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 issued on the 4th of April 2017 and modified on the 4th of October (hereinafter referred to as “WP248“). The EDPB Opinions and the previous Guidelines identify and harmonise a number of processing operations for which a DPIA is definitely required, in order to ensure a consistent application of the data protection rules throughout the Union.
Cyberwatching.eu has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 740129. The content of this website does not represent the opinion of the European Commission, and the European Commission is not responsible for any use that might be made of such content. Privacy Policy | Disclaimer / Terms and Conditions of Use