GDPR-35-14
Risk Management
35 — Data protection impact assessment
Document risk mitigation measures in DPIA
Description
The DPIA must contain the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure protection of personal data and demonstrate compliance, taking into...
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
GDPR-35-01
Risk Management
Conduct DPIA for high-risk processing
GDPR-35-02
Human Oversight
Seek DPO advice when conducting DPIA
GDPR-35-03
Risk Management
Conduct DPIA for systematic automated evaluation with legal effects
GDPR-35-04
Risk Management
Conduct DPIA for large-scale special category data processing
GDPR-35-05
Risk Management
Conduct DPIA for systematic large-scale public area monitoring
GDPR-35-06
Transparency
Establish and publish DPIA-required processing list
GDPR-35-07
Reporting
Communicate DPIA-required list to Board
GDPR-35-08
Transparency
Establish and publish DPIA-exempt processing list
GDPR-35-09
Reporting
Communicate DPIA-exempt list to Board
GDPR-35-10
Data Governance
Apply consistency mechanism for cross-border lists
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started