Guidelines of the supervisory authority

The Danish Data Protection Agency and Ministry of Justice published a guideline on the Data Protection Impact Assessment (DPIA): https://www.datatilsynet.dk/media/6563/konsekvensanalyse.pdf (in Danish). This guideline also contains examples for when a DPIA is necessary. The Data Protection Agency also published a list of “high risk” processing: https://www.datatilsynet.dk/media/6935/datatilsynets-liste-over-behandlinger-der-altid-er-underlagt-kravet-om-en-konsekvensanalyse.pdf (in Danish).

The examples mentioned in both documents are similar to those provided by the Article 29 Working Party (WP 248).