15. 15
DATA PROTECTION IMPACT ASSESSMENT (DPIA)
● Following activities are required to have a DPIA
○ Processing of special categories of personal data at large scale.
○ Core business activities consist of systematic monitoring of the data subject at
large scale.
○ Monitoring of publicly accessible areas at a large scale
19. 19
DATA PROCESSING RECORD (CONTROLLER)
● Name and contact details of controllers, the representatives, and data protection
officer.
● Purposes of processing
● Description of the categories of data subjects and categories of personal data.
● The categories of recipients to whom the personal data have need or will be
disclosed.
● Transfers of personal data to a third country/international organization.
● Time limits for the erasure of the different data categories.
● General description of the technical and organizational security measures.
21. 21
DATA PROCESSING RECORD (PROCESSOR)
● Name and contact details of controllers, the representatives, and data protection
officer.
● Categories of processing
● Transfers of personal data to a third country/international organization.
● General description of the technical and organizational security measures.