A Data Protection Impact Assessment is required before processing that is likely high-risk. Tick
every criterion that applies to one processing activity. Two or more usually means run a DPIA.
EDPB nine criteria · Art. 35
Which of these does your processing involve?
Assess one activity at a time. The more boxes you tick, the higher the risk.
0 of 9 criteria selected
Assessment
Tick the criteria that apply to see whether a DPIA is needed.
Always required, whatever the count (Art. 35(3))
Systematic, extensive profiling that produces legal or similarly significant effects.
Large-scale processing of special-category (Art. 9) or criminal-conviction data.
Large-scale systematic monitoring of a publicly accessible area.