Data Protection Impact Assessment (DPIA)

Under the GDPR, there is a new general accountability obligation to show one complies with the Regulation by conducting a privacy impact assessment when ‘high risk’ processing is carried out. ‘High-risk’ processing includes:

  • systematic and extensive profiling that produces legal effects or significantly affects individuals;
  • processing sensitive personal data on a large scale; and
  • systematic monitoring of a publicly accessible area on a large scale (e.g. CCTV).

 

Please visit: https://gdpr-info.eu/art-35-gdpr/

 

Article 29 Working Party has issued Guidelines on Data Protection Impact Assessments (WP 248). The European Data Protection Board endorsed the GDPR related WP29 Guidelines.