Greece: Hellenic Data Protection Authority Publishes Data Protection Impact Assessment List

On May 15, 2019, the Hellenic Data Protection Authority announced its list of activities and operations that, if performed by controllers, trigger the obligation to carry out a data protection impact assessment (DPIA).

The list was adopted by Decision 65/2018 of the authority and was published in the official gazette on May 10, 2019.

Pursuant to Article 35 of the General Data Protection Regulation (GDPR), EU member states through their data protection authorities must "establish and make public a list of the kind of processing operations for which no data protection impact assessment is required".

To continue reading please log in or request a demo to speak to a member of the team.