GDPR-35-17
Monitoring
35 — Data protection impact assessment
Review DPIA when risk changes
Description
Where necessary, the controller must carry out a review to assess if processing is performed in accordance with the data protection impact assessment at least when there is a change of the risk...
Full Analysis & Evidence Requirements
Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.
Sign In to ViewRelated Obligations
GDPR-35-01
Risk Management
Conduct DPIA for high-risk processing
GDPR-35-02
Human Oversight
Seek DPO advice when conducting DPIA
GDPR-35-03
Risk Management
Conduct DPIA for systematic automated evaluation with legal effects
GDPR-35-04
Risk Management
Conduct DPIA for large-scale special category data processing
GDPR-35-05
Risk Management
Conduct DPIA for systematic large-scale public area monitoring
GDPR-35-06
Transparency
Establish and publish DPIA-required processing list
GDPR-35-07
Reporting
Communicate DPIA-required list to Board
GDPR-35-08
Transparency
Establish and publish DPIA-exempt processing list
GDPR-35-09
Reporting
Communicate DPIA-exempt list to Board
GDPR-35-10
Data Governance
Apply consistency mechanism for cross-border lists
Map this obligation to your AI systems
ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.
Get Started