GDPR-35-11
Documentation
35 — Data protection impact assessment
Include systematic description in DPIA
Description
The DPIA must contain a systematic description of the envisaged processing operations and the purposes of processing, including where applicable, the legitimate interest pursued by the controller.
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
GDPR-35-01
Risk Management
Conduct DPIA for high-risk processing
GDPR-35-02
Human Oversight
Seek DPO advice when conducting DPIA
GDPR-35-03
Risk Management
Conduct DPIA for systematic automated evaluation with legal effects
GDPR-35-04
Risk Management
Conduct DPIA for large-scale special category data processing
GDPR-35-05
Risk Management
Conduct DPIA for systematic large-scale public area monitoring
GDPR-35-06
Transparency
Establish and publish DPIA-required processing list
GDPR-35-07
Reporting
Communicate DPIA-required list to Board
GDPR-35-08
Transparency
Establish and publish DPIA-exempt processing list
GDPR-35-09
Reporting
Communicate DPIA-exempt list to Board
GDPR-35-10
Data Governance
Apply consistency mechanism for cross-border lists
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started