Translations:Datenschutz-Folgenabschätzung/42/en

If the necessity of a DPIA is not specified by a clear obligation to perform or not perform it, it is at the discretion of the person responsible to assess the necessity of performing the DPIA. The information provided by the Art. 29 Data Protection Working Party will help in this regard. The handling of the list of criteria is recommended as follows, by means of a rule of thumb: A high risk exists in any case if at least two of the criteria are met. In this case, a DPIA should be carried out.