October 23, 2019

October 22, 2019

Subscribe to Latest Legal News and Analysis

October 21, 2019

Subscribe to Latest Legal News and Analysis

The CNIL Has Published Its List of Processing Activities Requiring a DPIA

Pursuant to Article 35.4 of the RGPD (GDPR), the CNIL has published a list of 14 categories of processing activities for which it deems it necessary to perform a Data Protection Impact Assessment (DPIA).   On its website, the CNIL also provides examples of the types of processing activities for each of these categories.

The European Data Protection Board’s published opinion regarding this list may be read here.

21 other data protection authorities have submitted their list to the EDPB for opinion . Organizations will need to check one or several of these national lists before implementing a processing activity especially a cross boarder one.


© Copyright 2019 Squire Patton Boggs (US) LLP


About this Author

Stephanie Faber Attorney Squire Patton Boggs Paris
Of Counsel

Stephanie Faber heads the Data Privacy & Cybersecurity Practice and the Intellectual Property & Technology Practice in the Paris office. She specialises in international business law, with more than 20 years of experience. Her legal practice encompasses business transactions and operations, as well regulatory and compliance work.

In relation to the Data Privacy & Cybersecurity Practice, Stephanie advises on:

  • GDPR gap assessment and compliance programs

  • Data breach...

33 1 5383 7400