Which of the following is TRUE about the Data Protection Impact Assessment (DPIA) process as required under the General Data Protection Regulation (GDPR)?
Which of the following is TRUE about the Data Protection Impact Assessment (DPIA) process as required under the General Data Protection Regulation (GDPR)?
The DPIA must include a description of the proposed processing operation and its purpose. This is a requirement detailed in Article 35 of the GDPR, which specifies that the DPIA must contain a systematic description of the envisaged processing operations and the purposes of the processing.
C. The DPIA must include a description of the proposed processing operation and its purpose. The GDPR requires that a DPIA contain "a systematic description of the envisaged processing operations and the purposes of the processing" as one of its key elements. This is clearly stated in Article 35 of the GDPR which outlines the requirements for conducting a DPIA. For D,The DPIA is specifically required when the data processing is "likely to result in a high risk to the rights and freedoms of natural persons", not just if there is any risk involved.
DPIA only required for high risk