GDPR - the CNPD has released its black list of processing operationssubject to a data protection impact assessment (DPIA)
Further to Article 35(4) and (6) GDPR, the competent supervisory authorities, i.e., the CNPD in Luxembourg, must establish a list of the kind of processing operations which are likely to result in a high risk for the rights and freedoms of data subject and, hence, subject to the requirement for a data protection impact assessment (hereinafter "DPIA"). Such lists come in addition to the examples of "high risk" situations foreseen in Article 35(3) GDPR.
Click here to read the whole article.
Source: Agefi - March 2019