Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?
Based on GDPR Article 35, which of the following situations would trigger the need to complete a DPIA?
Under GDPR Article 35, a Data Protection Impact Assessment (DPIA) is required when a processing activity is likely to result in a high risk to the rights and freedoms of natural persons. Building a dating app that creates candidate profiles based on location data and data from third-party sources involves processing sensitive personal data and combining various data sets, which carries a high risk to individual privacy. This significantly impacts users' privacy and could lead to profiling and tracking concerns, thus necessitating a DPIA.
Answer C: Prior to the first time any new business process involving personal data is completed (Rec. 90).