GDPR-35-03 Risk Management 35 — Data protection impact assessment

Conduct DPIA for systematic automated evaluation with legal effects

Description

A DPIA is specifically required for systematic and extensive evaluation of personal aspects based on automated processing, including profiling, where decisions produce legal effects or similarly...

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Related Obligations

GDPR-35-01 Risk Management

Conduct DPIA for high-risk processing

GDPR-35-02 Human Oversight

Seek DPO advice when conducting DPIA

GDPR-35-04 Risk Management

Conduct DPIA for large-scale special category data processing

GDPR-35-05 Risk Management

Conduct DPIA for systematic large-scale public area monitoring

GDPR-35-06 Transparency

Establish and publish DPIA-required processing list

GDPR-35-07 Reporting

Communicate DPIA-required list to Board

GDPR-35-08 Transparency

Establish and publish DPIA-exempt processing list

GDPR-35-09 Reporting

Communicate DPIA-exempt list to Board

GDPR-35-10 Data Governance

Apply consistency mechanism for cross-border lists

GDPR-35-11 Documentation

Include systematic description in DPIA

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Conduct DPIA for systematic automated evaluation with legal effects

Description

Full Analysis & Evidence Requirements

Related Obligations

Map this obligation to your AI systems

Start your compliance assessment