European Data Protection Supervisor Adopts Data Protection Impact Assessment List

On July 17, 2019, the European Data Protection Supervisor (EDPS) adopted its list of the kinds of processing operations that require and those that do not require a data protection impact assessment under Articles 39(4) and (5) of Regulation (EU) 2018/1725.

The list aims to provide additional guidance to controllers and data protection officers in European institutions on how to generate records, how to decide if an operation needs a data protection impact assessment to be carried out and how to do it, and when it is necessary to consult the EDPS.

The list complements the accountability on the ground toolkit and will help organisations to comply with data protection requirements.

To continue reading please log in or request a demo to speak to a member of the team.