European Data Protection Board logo
Close menu

Data Protection Impact Assessment - Lists of processing activities

Each data protection authority issues a list of the kind of processing operations which are subject to the requirement for a data protection impact assessment (DPIA), following an EDPB opinion (Art. 35(4) GDPR).
Data protection authority may also establish a list of the kind of processing operations for which no DPIA is required (Art. 35(5) GDPR).
This register provides an overview of these lists adopted by data protection authorities.

  • 28 items
Filter on
Filter on type of list
Filter on competent SA

Czech SAs list of the kind of processing operations exempt from the requirement for a Data Protection Impact Assessment under Art 35(5) of the General Data Protection Regulation (EU) 2016/679 GDPR

cz
Related links
Opinion 11/2019 on the draft list of the competent supervisory authority of the…

Netherland SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)

nl
Related links
Opinion 16/2018 on the draft list of the competent supervisory authority of the…

French SAs list of the kind of processing operations exempt from the requirement for a Data Protection Impact Assessment under Art 35(5) of the General Data Protection Regulation (EU) 2016/679 (GDPR)

fr
Related links
Opinion 13/2019 on the draft list of the competent supervisory authority of Fra…

Iceland SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)

is
Related links
Opinion 7/2019 on the draft list of the competent supervisory authority of Icel…

Poland SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)

pl
Related links
Opinion 17/2018 on the draft list of the competent supervisory authority of Pol…

Croatia SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)

hr
Related links
Opinion 25/2018 on the draft list of the competent supervisory authority of Cro…

Estonia SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)

ee
Related links
Opinion 6/2018 on the draft list of the competent supervisory authority of Esto…

Norway SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)

no
Related links
Opinion 2/2019 on the draft list of the competent supervisory authority of Norw…

Lithuania SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)

lt
Related links
Opinion 13/2018 on the draft list of the competent supervisory authority of Lit…

Latvia SAs list of the kind of processing operations which are subject to the requirement for a Data Protection Impact Assessment under Article 35(4) of the General Data Protection Regulation (EU) 2016/679 (GDPR)

lv
Related links
Opinion 14/2018 on the draft list of the competent supervisory authority of Lat…