What’s subject to a DPIA under the GDPR?

Under the European Data Protection Regulation, data protection impact assessments are required when data processing is “likely to result in a high risk to the rights and freedoms of natural persons.” Exactly what “high risk” entails, however, has been a difficult question to answer.

he supervisory authorities of 22 Member States submitted draft lists to the European Data Protection Board identifying data processing activities likely to result in a high risk and therefore require DPIAs. The EDPB subsequently issued opinions on each of these lists.

Source: What’s subject to a DPIA under the GDPR? EDPB on draft lists of 22 supervisory authorities

>