fbpx

Free tools and resources for Data Protection Officers!

The Spanish DPA publishes a list of processing operations for which a DPIA is mandatory

After having received the favorable opinion of the European Data Protection Board, the Spanish Data Protection Agency (“AEPD”) released last 6th May a list of processing operations for which it is necessary to carry out a privacy impact assessment.

Although the GDPR establishes criteria that help to identify those processing operations that involve a high risk, the supervisory authorities shall establish and make public a list of the kind of processing operations which are subject to the requirement for a data protection impact assessment. In this context, the AEPD has published a list of processing operations determining that in the majority of cases where the processing meets two or more of the criteria on the list, a PIA will be necessary. The more criteria met by the processing analyzed, the greater the risk involved and the certainty of the need for a PIA.

Full article: The Spanish Data Protection Agency has published a list of processing operations for which a privacy impact assessment is mandatory

>