GDPR-35-15
Conformity
35 — Data protection impact assessment
Consider code compliance in DPIA assessment
Description
Compliance with approved codes of conduct by controllers or processors must be taken into due account when assessing the impact of processing operations, particularly for DPIA purposes.
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
GDPR-35-01
Risk Management
Conduct DPIA for high-risk processing
GDPR-35-02
Human Oversight
Seek DPO advice when conducting DPIA
GDPR-35-03
Risk Management
Conduct DPIA for systematic automated evaluation with legal effects
GDPR-35-04
Risk Management
Conduct DPIA for large-scale special category data processing
GDPR-35-05
Risk Management
Conduct DPIA for systematic large-scale public area monitoring
GDPR-35-06
Transparency
Establish and publish DPIA-required processing list
GDPR-35-07
Reporting
Communicate DPIA-required list to Board
GDPR-35-08
Transparency
Establish and publish DPIA-exempt processing list
GDPR-35-09
Reporting
Communicate DPIA-exempt list to Board
GDPR-35-10
Data Governance
Apply consistency mechanism for cross-border lists
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started