On July 17, 2019, the European Data Protection Supervisor (EDPS) adopted its list of the kinds of processing operations that require and those that do not require a data protection impact assessment under Articles 39(4) and (5) of Regulation (EU) 2018/1725.
The list aims to provide additional guidance to controllers and data protection officers in European institutions on how to generate records, how to decide if an operation needs a data protection impact assessment to be carried out and how to do it, and when it is necessary to consult the EDPS.
The list complements the accountability on the ground toolkit and will help organisations to comply with data protection requirements.
Request a Free Trial
As a trusted source of regulatory intelligence for the global payments industry, we enable organisations to manage the growing volume and velocity of regulatory risk with confidence, empowering more informed and effective decision making, in an efficient and cost-effective way.Take a Trial