The released list is only of indicative nature and the enumeration of the respective operations which are subject to carry out a data protection impact assessment (DPIA) is not an exhaustive one.

Some of contained processing operations indicates the necessity to carry out DPIA by itself (e. g. operations related to the evaluation and scoring, assessment of credibility, assessment of payment capacity, profiling or CCTV monitoring of public premises).

Other of the contained processing operations indicates the necessity to carry out DPIA together with the other criteria specified in the WP 248 guidelines of Article 29 Working party (e. g. operations related to the biometric data for the individual identification, genetic data, localization data or the use of innovative or new technologies).

The complete list of the of the processing operations is available here:

• https://www.dataprotection.gov.sk/uoou/sites/default/files/list_of_processing_operations_which_are_subject_to_the_requirement_for_dpia.pdf

Should you have any questions regarding the carrying out of the impact assessment and related methodology, or any other privacy issues, please contact our GDPR expert Michal Bubák.