Under the GDPR, there is a new general accountability obligation to demonstrate compliance with the Regulation by conducting a privacy impact assessment when ‘high-risk’ processing is carried out. ‘High-risk’ processing includes:
- systematic and extensive profiling that produces legal effects or significantly affects individuals;
- processing sensitive personal data on a large scale; and
- systematic monitoring of a publicly accessible area on a large scale (e.g. CCTV).
For the text of Article 35 of the GDPR, see: https://gdpr-info.eu/art-35-gdpr/
The Article 29 Working Party has subsequently issued Guidelines on Data Protection Impact Assessments (WP 248). The European Data Protection Board endorsed all the GDPR-related WP29 Guidelines.