Basic information about the regulation

Name of regulation
Minimal content of the DPIA
Citation
The assessment shall contain at least:
(a) a systematic description of the envisaged processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller;
(b) an assessment of the necessity and proportionality of the processing operations in relation to the purposes;
(c) an assessment of the risks to the rights and freedoms of data subjects referred to in paragraph 1; and
(d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation taking into account the rights and legitimate interests of data subjects and other persons concerned.
Legislative localisation Chapter IV, Section 3, Article 35, Paragraph 7
Regulation
subject-matter
Data protection impact assessment (Article 35, Section 3, Chapter IV)
Regulation type Obligation
Regulation class Requirement
Subjects of regulation
Obligation Controller
Processor
Tree of knowledge link https://knowww.eu/nodes/5a0595ea4b5b5f00019038bb