CLVPartners

CLV-02
Menu

Blacklist on Data Protection Impact Assessment (DPIA)

Company groups, Data protection, Medium-sized companies, News, Start-ups / / black list, data protection, Data Protection Impact Assessment, DPIA, GDPR, HDP A, impact assesment, NAIH

Under Article 35 (4) of regulation (EU) 2016/679 of the European Parliament and of the Council („GDPR”), the National Authority for Data Protection and Freedom of Information
(„NAIH”) established a list of the kind of processing operations which
are subject to the requirement for a data protection impact assessment („black list”).
According to article 35 of the GDPR: Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data.

The GDPR defines some circumstances when a DPIA is to be carried out:
• a systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and upon which decisions are based that produce legal effects concerning the natural person or similarly significantly affect the natural person;
• processing on a large scale of special categories of data, or of personal data relating to criminal convictions and offences; or
• a systematic monitoring of a publicly accessible area on a large scale.

The black list contains the following processing activities when a DPIA is to be carried out:
• processing of biometric or genetic data;
• scoring;
• credit or solvency rating;
• further use of data collected from third persons;
• the use of the personal data of pupils and students for assessment;
• profiling;
• anti-fraud activity;
• smart meters;
• automated decision making producing legal effects or similarly significant effects;
• systematic surveillance;
• location data;
• monitoring employee work;
• processing of considerable amounts of special categories of personal data;
• processing of considerable amounts of personal data for law enforcement purposes;
• the processing of the personal data of children for profiling;
• the use of new technologies for data processing;
• the processing of health data;
• an application, tool, or platform for use by an entire sector;
• combine data from various sources.

CLVPartners
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.