GDPR-35-01 Risk Management 35 — Data protection impact assessment

Conduct DPIA for high-risk processing

Description

Where processing using new technologies is likely to result in high risk to rights and freedoms of natural persons, the controller must carry out a data protection impact assessment prior to the...

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Related Obligations

GDPR-35-02 Human Oversight

Seek DPO advice when conducting DPIA

GDPR-35-03 Risk Management

Conduct DPIA for systematic automated evaluation with legal effects

GDPR-35-04 Risk Management

Conduct DPIA for large-scale special category data processing

GDPR-35-05 Risk Management

Conduct DPIA for systematic large-scale public area monitoring

GDPR-35-06 Transparency

Establish and publish DPIA-required processing list

GDPR-35-07 Reporting

Communicate DPIA-required list to Board

GDPR-35-08 Transparency

Establish and publish DPIA-exempt processing list

GDPR-35-09 Reporting

Communicate DPIA-exempt list to Board

GDPR-35-10 Data Governance

Apply consistency mechanism for cross-border lists

GDPR-35-11 Documentation

Include systematic description in DPIA

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Conduct DPIA for high-risk processing

Description

Full Analysis & Evidence Requirements

Related Obligations

Map this obligation to your AI systems

Start your compliance assessment