Home » CPDP has adopted a list of the types of processing operations for which data protection impact assessment is required

CPDP has adopted a list of the types of processing operations for which data protection impact assessment is required

13.02.2019
 
At its regular session held on 06.02.2019, the Commission for Personal Data Protection adopted a list of the types of processing operations for which data protection impact assessment is required under Art. 35, par. 4 of Regulation (EU) 2016/679.
The purpose of the list is to assist the controllers in fulfilling their obligation under Art. 35, par. 1 of Regulation (EU) 2016/679 to carry out an impact assessment whenever a particular type of processing is likely to be due to a high risk to the rights and freedoms of individuals. The same is non-exhaustive and may be updated as necessary.
The list of types of processing operations for which data protection impact assessment is required is published HERE.



Commission for Personal Data Protection, Sofia, 2 Prof. Tsvetan Lazarov Blvd.