Search results | European Data Protection Board

Opinion 10/2018 on the draft list of the competent supervisory authority of Hungary regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR)
3 October 2018
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … protection of the data subjects. (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 25/2018 on the draft list of the competent supervisory authority of Croatia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR)
4 December 2018
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … protection of the data subjects. (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 6/2018 on the draft list of the competent supervisory authority of Estonia regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR)
3 October 2018
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … protection of the data subjects. (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 7/2020 on the draft list of the competent supervisory authority of France regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR)
22 April 2020
Opinion of the Board (Art. 64)
… undergo a data protection impact assessment (hereinafter “DPIA”), by recommending SAs to remove some criteria which, … in order not to contradict the general rules defined in the DPIA guidelines of the Article 29 Working Party2, endorsed … operations which are not subject to the requirement for a DPIA. They shall, however, apply the consistency mechanism …
Opinion 2/2018 on the draft list of the competent supervisory authority of Belgium regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR)
3 October 2018
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … protection of the data subjects. (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 16/2018 on the draft list of the competent supervisory authority of the Netherlands regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR)
3 October 2018
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … protection of the data subjects. (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 2/2019 on the draft list of the competent supervisory authority of Norway regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR)
23 January 2019
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … of the data subjects. Adopted 4 (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 4/2018 on the draft list of the competent supervisory authority of Czech Republic regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR)
3 October 2018
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … protection of the data subjects. (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 7/2019 on the draft list of the competent supervisory authority of Iceland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR)
12 March 2019
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … of the data subjects. Adopted 4 (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 10/2019 on the draft list of the competent supervisory authority of Cyprus regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35(4) GDPR)
12 July 2019
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … of the data subjects. Adopted 4 (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 20/2018 on the draft list of the competent supervisory authority of Sweden regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR)
3 October 2018
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … protection of the data subjects. (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 17/2018 on the draft list of the competent supervisory authority of Poland regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR)
3 October 2018
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … protection of the data subjects. (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 19/2018 on the draft list of the competent supervisory authority of Romania regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR)
3 October 2018
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … protection of the data subjects. (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 24/2018 on the draft list of the competent supervisory authority of Denmark regarding the processing operations subject to the requirement of a data protection impact assessment (Article 35.4 GDPR)
4 December 2018
Opinion of the Board (Art. 64)
… for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism … protection of the data subjects. (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. The Working Party 29 Guidelines WP248 state that in …
Opinion 11/2019 on the draft list of the competent supervisory authority of the Czech Republic regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR)
12 July 2019
Opinion of the Board (Art. 64)
… states that a type of processing should undergo a DPIA, by recommending SAs to remove some criteria which, the … in order not to contradict the general rules defined in the DPIA guidelines from the Article 29 Working Party, endorsed … for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism …
Guidelines 08/2020 on the targeting of social media users
7 September 2020
Guidelines
… 26 7 Data protection impact assessments (DPIA) … requirements (such as lawfulness and transparency, DPIA, etc.) as well as key elements of arrangements between … Party, Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to …
Recommendation 01/2019 on the draft list of the European Data Protection Supervisor regarding the processing operations subject to the requirement of a data protection impact assessment (Article 39.4 of Regulation (EU) 2018/1725)
12 July 2019
Recommendations
… criteria in a harmonized manner. (4) The carrying out of a DPIA is only mandatory for the controller pursuant to … processing operations are subject to the requirement for a DPIA. 1 WP29, Guidelines on Data Protection Impact … that a processing meeting two criteria would require a DPIA to be carried out, however, in some cases a data …
Opinion 13/2019 on the draft list of the competent supervisory authority of France regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR)
12 July 2019
Opinion of the Board (Art. 64)
… states that a type of processing should undergo a DPIA, by recommending SAs to remove some criteria which, the … in order not to contradict the general rules defined in the DPIA guidelines from the Article 29 Working Party, endorsed … for a data protection impact assessment (hereinafter “DPIA”). They shall, however, apply the consistency mechanism …
EDPB Document on response to the request from the European Commission for clarifications on the consistent application of the GDPR, focusing on health research
2 February 2021
Other guidance
… First of all, the EDPB notes that, in determining whether a DPIA is mandatory, a controller, prior to the processing of … not solely focus on Article 35 (2)(b) GDPR (requiring a DPIA to be carried out prior to the processing on a large … persons. Moreover, according to Article 35 (1) GDPR, a DPIA is mandatory in all types of processing that have such …
EDPB response to Mrs Ďuriš Nicholsonová's letter on follow up questions in the fight against the COVID-19 pandemics
17 July 2020
Letters
… with the duration of the emergency, the implementation of DPIAs for contact tracing solutions and the use of similar … go through a mandatory data protection impact assessment (DPIA) might delay the implementation of contact tracing … at national level. The EDPB has clarified that the DPIA is a crucial step in addressing high risk situations as …