DPIA list of the Hungarian supervisory authority

The lists of processing activities where DPIA is required, together with a brief overview and examples, is available here and here.

The following examples are on the DPIA list:

  • Biometric data. Where the processing of biometric data refers to systematic monitoring or where the processing of biometric data pertains to vulnerable data subjects (in particular, children, employees and the mentally ill
  • Genetic data. Where the processing of genetic data is carried out in connection with sensitive data or data of a highly personal nature
  • The purpose of data processing is to assess certain characteristics of the data subject, and its result has an effect on the quality or the provision of the service provided and to be provided to the data subject
  • Credit rating. The purpose of data processing is to assess the creditability of the data subject by means of large-scale or systematic evaluation of personal data
  • The purpose of data processing is profiling by evaluating personal data systematically and on a large scale, especially when it is based on the characteristics of workplace performance, financial status, health condition, personal preferences or interests, trustworthiness or conduct, residence or movement of the data subject
  • Systematic surveillance. Systematic and large-scale surveillance of data subjects in public areas or spaces by camera systems, drones or any other new technology (Wi-Fi tracking, Bluetooth tracking or body cameras)
  • Location data. Where the processing of location data refers to systematic monitoring or profiling

Prior consultation

The links leading to CNIL software for the Data Privacy Impact Assessment software (DPIA) of the French Data Protection Authority were published by the Authority on its homepage