Save This

EU Member State DPIA Whitelists, Blacklists and Guidance

Data protection authorities of many EU member states have published draft lists of data processing activities that would trigger the need for a data protection impact assessment in that country.

The European Data Protection Board weighed in on the drafts, you can find its opinions here. And IAPP Westin Fellow Müge Fazlioglu, CIPP/E, CIPP/US, has written an analysis of the opinions here.

IAPP extern Darya Balybina, CIPP/E, CIPP/US, CIPM has written an analysis, "What is and what isn't subject to a DPIA under GDPR? An update", found here.

Please note this resource was last updated 16 December, 2019 and is no longer being updated.

Country	DPIA blacklist/whitelist

Austria	Whitelist from the Austrian Data Protection Authority

Belgium	Blacklist & Whitelist from the Belgian Privacy Commission

Bulgaria	Blacklist from The Commission for Personal Data Protection

Croatia	Blacklist from the Personal Data Protection Agency of the Republic of Croatia

Cyprus	Blacklist from the Office of the Commissioner for Personal Data Protection

Czech Republic	Blacklist from The Office for Personal Data Protection

Denmark	(Not yet available)

Estonia	Blacklist from the Data Protection Inspectorate

Finland	Blacklist from the Office of the Data Protection Ombudsman

France	Blacklist from the CNIL

Germany	Blacklists from German DPAs

Germany: Baden-Wuerttemberg	Blacklist from The State Commissioner for Data Protection Baden-Württemberg

Germany: Brandenburg	Blacklist from The Data Protection Supervisor and the Right to File Inspection

Germany: Federal Commissioner	Blacklist

Germany: Hamburg	Blacklist

Germany: Hessen	Blacklist from The State Commissioner for Data Protection Hessen

Germany: Lower Saxony	Blacklist from The State Commissioner for Data Protection Niedersachsen

Germany: North Rhine-Westphalia	Blacklist

Germany: Rhineland-Palatinate	Private Bodies Blacklist, Public Bodies Blacklist

Germany: Saarland	Blacklist

Germany: Saxony	Blacklist from The State Commissioner for Data Protection Sachsen

Germany: Schleswig-Holstein	Blacklist from The State Commissioner for Data Protection Schleswig-Holstein

Germany: Thuringia	Blacklist from The State Commissioner for Data Protection Thüringer

Greece	Blacklist from The Hellenic Data Protection Authority

Hungary	Blacklist from the Hungarian data protection authority

Ireland	Blacklist from the Data Protection Commission

Italy	Blacklist from the Italian Data Protection Authority

Latvia	Blacklist from the Data State Inspecorate

Lithuania	Blacklist from the State Data Protection Inspectorate

Luxembourg	(Not yet available)

Malta	Blacklist from The Office of the Information and Data Protection Commissioner

The Netherlands	Final DPIA list from Dutch Data Protection Authority

Poland	Blacklist from the Personal Data Protection Office

Portugal	Blacklist from Portugal's National Commission for Data Protection

Romania	Blacklist from the Romanian DPA (In Romanian; In English, translated by PrivacyOne)

Slovakia	Blacklist from the Office for Personal Data Protection of the Slovak Republic

Slovenia	Blacklist from the Information Commissioner of Slovenia

Spain	(Not yet available)

Sweden	Blacklist from the Datainspektionen

United Kingdom	Blacklist from the Information Commissioner's Office

Tags: , , ,

Trump administration considers 'blacklisting' Chinese surveillance company

The New York Times reports the Trump administration is considering placing limits on Hikvision, one of the world’s largest surveillance firms, from buying American technology. This would place Hikvision on a U.S. blacklist. Hikvision products track people around the country using facial recognition ...

Read More Save This

Government Gets Go-Ahead for Blacklist Database

The Swedish Data Inspection Board will allow the government to start a registry of blacklisted sports supporters, The Local reports. The board says there are a number of issues that need to be addressed before the registry moves forward, including exactly what information would be kept on blackliste...

Read More Save This

Group Calls for Investigation into Blacklist Database

Click Liverpool reports on advocacy group Privacy International's call for a government investigation into a Bristol-based company's national blacklist of "nightmare" hotel guests. GuestScan.com allows hotel owners to share information about "known or potential troublemakers" in an online database d...

Read More Save This

What triggers a DPIA under the GDPR?

Published: July 2018Click To View (PDF)Click To View (PNG) The IAPP has created this infographic to help you determine what kinds of activities are more likely to trigger a mandatory data protection impact assessment under the EU General Data Protection Regulation. Print it out for a quick refere...

Read More Save This

Template for Data Protection Impact Assessment (DPIA)

This template, published by Family Links Network, provides a list of questions related to data protection issues that should be considered by National Societies prior to conducting a DPIA. Click To View (PDF) ...

Read More Save This

ResourceCenter

All the privacy tools and information you need in one easy-to-find place

EU Member State DPIA Whitelists, Blacklists and Guidance

EU Member State DPIA Whitelists, Blacklists and Guidance

Related Stories