Belgian DPA Publishes Updated List of Processing Activities Requiring DPIA
The Belgian Data Protection Authority recently published (in French and in Dutch) the updated list of the types of processing activities which require a data protection impact assessment (“DPIA”).
Article 35(4) of the EU General Data Protection Regulation (“GDPR”) obligates supervisory authorities to establish a list of the processing operations that require a DPIA and transmit it to the European Data Protection Board (the “EDPB”).
The Belgian DPA asserts that this list is neither exhaustive nor final and could be modified in the future.
Source: Belgian DPA Publishes Updated List of Processing Activities Requiring DPIA