December 10, 2018

December 07, 2018

Subscribe to Latest Legal News and Analysis

The CNIL Has Published Its List of Processing Activities Requiring a DPIA

Pursuant to Article 35.4 of the RGPD (GDPR), the CNIL has published a list of 14 categories of processing activities for which it deems it necessary to perform a Data Protection Impact Assessment (DPIA).   On its website, the CNIL also provides examples of the types of processing activities for each of these categories.

The European Data Protection Board’s published opinion regarding this list may be read here.

21 other data protection authorities have submitted their list to the EDPB for opinion . Organizations will need to check one or several of these national lists before implementing a processing activity especially a cross boarder one.


© Copyright 2018 Squire Patton Boggs (US) LLP


About this Author

Stephanie Faber Attorney Squire Patton Boggs Paris
Of Counsel

Stephanie Faber heads the Data Privacy & Cybersecurity Practice and the Intellectual Property & Technology Practice in the Paris office. She specialises in international business law, with more than 20 years of experience. Her legal practice encompasses business transactions and operations, as well regulatory and compliance work.

In relation to the Data Privacy & Cybersecurity Practice, Stephanie advises on:

  • GDPR gap assessment and compliance programs

  • Data breach...

33 1 5383 7400