Further to publication #12 Data Protection Impact Assessment from our Blog we inform You that the Commission for Personal Data Protection published a list of the types of processing operations for which data protection impact assessment (DPIA) is required. The list was published on 13.02.2019 on the Commission’s website.
Pursuant to the above-mentioned list data controllers whose main or single establishment is on the territory of the Republic of Bulgaria are required to conduct compulsory DPIA in each of the following cases:
• Large scale processing of biometric data for the purposes of the unique identification of a natural person, which is not occasional;
• Processing of genetic data for profiling purposes which produces legal effects for the data subject or similarly significantly affects them;
• Processing of location data for profiling purposes which produces legal effects for the data subject or similarly significantly affects them;
• Processing operations for which the provision of information to the data subject pursuant to Art. 14 of GDPR is impossible or would involve disproportionate effort or is likely to render impossible or seriously impair the achievement of the objectives of that processing, when this is related to large scale processing;
• Personal data processing by controller whose main place of establishment is outside the EU when its designated representative for the EU is located on the territory of the Republic of Bulgaria;
• Regular and systematic processing for which the provision of information pursuant to Art. 19 of GDPR by the controller to the data subject is impossible or involves disproportionate efforts;
• Processing of personal data of children in relation to the offer of information society services directly to a child;
• Migration of data from existing to new technologies when this is related to large scale data processing.
The current list – adopted on the basis of Art. 35 Para 4 of GDPR – is non-exhaustive and can be updated, if necessary. We will inform You accordingly for any such updates.