Under Article 39(4) of Regulation (EU) 2018/1725, the EDPS shall adopt a list of the kinds of processing operations subject to a data protection impact assessment (DPIA). Under paragraph 5 of the same Article, the EDPS may adopt a list of the kinds of processing operations not subject to a DPIA. EDPB has published the DPIA lists issued under articles 39(4) and (5) of Regulation (EU)2018/1725 on 17th july.
The Annexes related to this document are:
Annexe 1: List of criteria for assessing whether processing operations are likely to result in high risks ;
Annexe 2: Non-exhaustive list of some common processing operations and prima-facie indications of their risks ;
Annexe 3: Non-exhaustive list ofsome common processing operations not requiring a DPIA ;