Compliance Library Blog Product Sign In
GDPR-35-07 Reporting 35 — Data protection impact assessment

Communicate DPIA-required list to Board

Description

The supervisory authority must communicate the list of processing operations requiring DPIA to the Board.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Sign In to View

Related Obligations

GDPR-35-01 Risk Management

Conduct DPIA for high-risk processing
GDPR-35-02 Human Oversight

Seek DPO advice when conducting DPIA
GDPR-35-03 Risk Management

Conduct DPIA for systematic automated evaluation with legal effects
GDPR-35-04 Risk Management

Conduct DPIA for large-scale special category data processing
GDPR-35-05 Risk Management

Conduct DPIA for systematic large-scale public area monitoring
GDPR-35-06 Transparency

Establish and publish DPIA-required processing list
GDPR-35-08 Transparency

Establish and publish DPIA-exempt processing list
GDPR-35-09 Reporting

Communicate DPIA-exempt list to Board
GDPR-35-10 Data Governance

Apply consistency mechanism for cross-border lists
GDPR-35-11 Documentation

Include systematic description in DPIA

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Start your compliance assessment

Map obligations to your AI systems, identify gaps, and generate board-ready reports. Plans start at $149/mo.

Get Started