List of types of processing operations requiring DPIA

According to art. 35. 4 of the GDPR The supervisory authority shall establish and make public a list of the kind of processing operations which are subject to the requirement for a data protection impact assessment.

Pursuant to art. 54 of the Polish Data Protection Act of 10 May 2018, the list is announced by the President of the Office. This has to be done within 3 months of the entry into force of the act, as stated. In article 172 of the act.

The President of the Personal Data Protection Office prepared the final proposal of the list of operations, which was then forwarded to the European Data Protection Board in accordance with the procedure of art. 64. 1 . a) GDPR. The information will be published in an appropriate announcement.

Please note that the controller shall evaluate the effects of planned processing operations on the protection of personal data prior to the processing.

2018-07-31 Metadane artykułu