EDPS adopts list of types of processing that require DPIA

On July 17, 2019, the European Data Protection Supervisor (EDPS) adopted and published a list of the types of processing operations that require a data protection impact assessment (DPIA) under Article 39 of Regulation (EU) 2018/1725 for the EU institution. The EDPS also adopted a list of those processing that at first sight do not require a DPIA.

The list of processing operations annexed to this Decision are non-exhaustive.


The decision of the European Data Protection Supervisor Of 16 July 2019 on DPIA  Lists Issued Under Articles 39(4) and (5) of Regulation (EU) 2018/1725 is available at https://edps.europa.eu….




For more information on how EU privacy may impact your business, contact Francesca Giannoni-Crystal. Thanks to Federica Romanelli