On May 15, 2019, the Hellenic Data Protection Authority announced its list of activities and operations that, if performed by controllers, trigger the obligation to carry out a data protection impact assessment (DPIA).
The list was adopted by Decision 65/2018 of the authority and was published in the official gazette on May 10, 2019.
Pursuant to Article 35 of the General Data Protection Regulation (GDPR), EU member states through their data protection authorities must "establish and make public a list of the kind of processing operations for which no data protection impact assessment is required".
Request a Free Trial
As a trusted source of regulatory intelligence for the global payments industry, we enable organisations to manage the growing volume and velocity of regulatory risk with confidence, empowering more informed and effective decision making, in an efficient and cost-effective way.Take a Trial