Bernd Schütze

Supervisory authorities published positive lists on data protection impact assessment

Die BfDI and 9 Federal states published the positive lists as per Art. 35 GDPR on schedule for the GDPR entering into effect, i.e. the list includes the processes for which data protection impact assessments (DSFA) will be mandatory according to the specific supervisory authority:

The requirements are unfortunately not coordinated between supervisory authorities, i.e. no uniform list of requirements for data protection impact assessments exist in Germany. Please visit for a comparative overview. We may justifiably ask how a uniform interpretation of the GDPR will be achieved.

Author: Bernd Schütze


Leave a Reply

Your email address will not be published. Required fields are marked *