- Data Protection impact assessments—ensuring consistency
- When are controllers obliged to carry out a data protection impact assessment (DPIA)?
- According to the ICO’s guidance, what kind of processing operations are likely to be high risk and require a DPIA?
- With each supervisory authority publishing lists of processing activities that require a DPIA, how is a consistent approach maintained across the EEA?
- What has the EDPB said about the ICO’s DPIA list?
- How will this impact practitioners in this area?
Information Law analysis: A data protection impact assessment (DPIA) is now required as a matter of statutory obligation, when the criteria in Article 35 of the General Data Protection Regulation, Regulation (EU) 2016/679 (the GDPR) are met. Aidan Eardley, barrister at One Brick Court Chambers, explains the requirements for carrying out a DPIA.
Sign in or take a trial to read the full analysis.
To continue reading this news article, as well as thousands of others like it, sign in to LexisPSL or register for a free trial