Article 42(1) of the Data Protection Act explicitly confirms that for a set of similar processing operations that present similar high risks, a single data protection impact assessment is enough.
DPIA list of the Slovak supervisory authority
Slovak Data Protection Authority also published a list of processing operations for which the data protection impact assessment is necessary (in Slovak), available at: https://dataprotection.gov.sk/uoou/sk/content/zoznam-spracovatelskych-operacii-ktore-podliehaju-posudeniu-vplyvu.
These operations include for example:
- Processing of biometric or genetic data
- Evaluation or scoring of a natural person or its profiling
- Evaluation of credibility of a natural person
- Employee monitoring
Guidelines of the supervisory authority
The Slovak Data Protection Authority published a methodology of data protection impact assessments (in Slovak), available at:
Moreover, the Slovak Data Protection Act does not regulate the opening clause of Article 36(5) of the Data Protection Act. Therefore, it does not require the prior consultation or authorization from the supervisory authority in relation to processing in the public interest, including processing in relation to social protection and public health.