Data protection impact assessment
Data Protection Impact Assessments (DPIA) help organizations identify and manage risks to people's personal data. Data controllers need to carry out a DPIA before any processing likely to result in a high risk to the rights and freedoms of individuals. If such risks cannot be mitigated by appropriate measures, the controller needs to consult the Data Protection Authority (DPA) before proceeding. The EDPB provides guidance on DPIAs. DPAs also adopt lists of the kind of processing activities for which a DPIA is or is not required, which are subject to opinions of the Board.
Enforcement support
AI Risks: Optical Character Recognition and Named Entity Recognition
Support Pool of Experts
#Data protection impact assessment
#Artificial intelligence
Read more about
AI Risks: Optical Character Recognition and Named Entity Recognition
Compliance instruments
Opinion 6/2024 on the draft list of the Latvian SA on pro-cessing operations exempt from the data protection impact assessment requirement (Art. 35.5 GDPR)
Opinion of the Board (Art. 64)
#Data protection impact assessment
Read more about
Opinion 6/2024 on the draft list of the Latvian SA on pro-cessing operations exempt from the data protection impact assessment requirement (Art. 35.5 GDPR)
Opinion 7/2020 on the draft list of the competent supervisory authority of France regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR)
Opinion of the Board (Art. 64)
#Data protection impact assessment
Read more about
Opinion 7/2020 on the draft list of the competent supervisory authority of France regarding the processing operations exempt from the requirement of a data protection impact assessment (Article 35(5) GDPR)