List of types of processing operations requiring DPIA
According to art. 35. 4 of the GDPR The supervisory authority shall establish and make public a list of the kind of processing operations which are subject to the requirement for a data protection impact assessment.
Pursuant to art. 54 of the Polish Data Protection Act of 10 May 2018, the list is announced by the President of the Office. This has to be done within 3 months of the entry into force of the act, as stated. In article 172 of the act.
Please note that the controller shall evaluate the effects of planned processing operations on the protection of personal data prior to the processing.