On September 25, the European Data Protection Board ("EDPB") adopted 22 Opinions listing the common criteria for the types of processing activities that require a data protection impact assessment ("DPIA"). A DPIA is a process to identify and mitigate data protection risks that could affect the rights and freedoms of individuals. The EDPB received lists from the national data protection authorities of 22 EU Member States regarding the types of operations that are likely to result in a high risk to individuals and may trigger a DPIA.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.