The CNIL Has Published Its List Of Processing Activities Requiring A DPIA

Author:Ms Stephanie Faber
Profession:Squire Patton Boggs LLP

Pursuant to Article 35.4 of the RGPD (GDPR), the CNIL has published a list of 14 categories of processing activities for which it deems it necessary to perform a Data Protection Impact Assessment (DPIA). On its website, the CNIL also provides examples of the types of processing activities for each of these categories.

The European Data Protection Board's published opinion regarding this list may be read here.

21 other data protection authorities have submitted their list to the EDPB for opinion. Organizations...

To continue reading