GDPR-35-06
Transparency
35 — Data protection impact assessment
Establish and publish DPIA-required processing list
Description
The supervisory authority must establish and make public a list of processing operations that require a data protection impact assessment.
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
GDPR-35-01
Risk Management
Conduct DPIA for high-risk processing
GDPR-35-02
Human Oversight
Seek DPO advice when conducting DPIA
GDPR-35-03
Risk Management
Conduct DPIA for systematic automated evaluation with legal effects
GDPR-35-04
Risk Management
Conduct DPIA for large-scale special category data processing
GDPR-35-05
Risk Management
Conduct DPIA for systematic large-scale public area monitoring
GDPR-35-07
Reporting
Communicate DPIA-required list to Board
GDPR-35-08
Transparency
Establish and publish DPIA-exempt processing list
GDPR-35-09
Reporting
Communicate DPIA-exempt list to Board
GDPR-35-10
Data Governance
Apply consistency mechanism for cross-border lists
GDPR-35-11
Documentation
Include systematic description in DPIA
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started