GDPR requires supervisory authories to establish and make public their lists of the kind of processing operations which are subject to the requirement for a data protection impact assessment (DPIA).
22 supervisory authorities submitted their draft lists to the European Data Protection Board (EDPB)…