{"id":9219,"date":"2021-03-25T13:57:59","date_gmt":"2021-03-25T12:57:59","guid":{"rendered":"https:\/\/www.robin-data.io\/?p=9219"},"modified":"2025-04-22T09:39:43","modified_gmt":"2025-04-22T07:39:43","slug":"data-protection-impact-assessment-2","status":"publish","type":"post","link":"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/data-protection-impact-assessment-2","title":{"rendered":"data protection impact assessment"},"content":{"rendered":"<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-39wvr7-35f57aafe4108c1c0023d787bb1f8e6f\">\n.flex_column.av-39wvr7-35f57aafe4108c1c0023d787bb1f8e6f{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  class='flex_column av-39wvr7-35f57aafe4108c1c0023d787bb1f8e6f av_one_full  avia-builder-el-0  el_before_av_one_full  avia-builder-el-first  first flex_column_div av-zero-column-padding'     ><p><section  class='av_textblock_section av-kr4n4rev-415d8ce59dd2b49de2c19a5b96ac7245'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p><a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\">Data Protection Academy<\/a> \u00bb <a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\">Data Protection Wiki<\/a> \u00bb <strong>Data Protection Impact Assessment (DPIA)<\/strong><\/p>\n<\/div><\/section><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kmov4u1d-8a82610a7dd42fa54e20481f9241a2dc\">\n.avia-image-container.av-kmov4u1d-8a82610a7dd42fa54e20481f9241a2dc img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-kmov4u1d-8a82610a7dd42fa54e20481f9241a2dc .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-kmov4u1d-8a82610a7dd42fa54e20481f9241a2dc av-styling- avia-align-left  avia-builder-el-2  el_after_av_textblock  el_before_av_hr'   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" fetchpriority=\"high\" class='wp-image-14065 avia-img-lazy-loading-not-14065 avia_image' src=\"https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing.jpg\" alt='A man does his data protection impact assessment (DPIA) under Article 35 GDPR on a tablet' title=''  height=\"343\" width=\"685\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing.jpg 685w, https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing-300x150.jpg 300w, https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing-18x9.jpg 18w\" sizes=\"(max-width: 685px) 100vw, 685px\" \/><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kmomuatd-978509eeec483f907d5460215c21d218\">\n#top .hr.hr-invisible.av-kmomuatd-978509eeec483f907d5460215c21d218{\nheight:15px;\n}\n<\/style>\n<div  class='hr av-kmomuatd-978509eeec483f907d5460215c21d218 hr-invisible  avia-builder-el-3  el_after_av_image  el_before_av_heading'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-8q1a4z-ae415ea7bc36b3c8972f3465a07ea512\">\n#top .av-special-heading.av-8q1a4z-ae415ea7bc36b3c8972f3465a07ea512{\npadding-bottom:10px;\ncolor:#303440;\n}\nbody .av-special-heading.av-8q1a4z-ae415ea7bc36b3c8972f3465a07ea512 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-8q1a4z-ae415ea7bc36b3c8972f3465a07ea512 .special-heading-inner-border{\nborder-color:#303440;\n}\n.av-special-heading.av-8q1a4z-ae415ea7bc36b3c8972f3465a07ea512 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-8q1a4z-ae415ea7bc36b3c8972f3465a07ea512 av-special-heading-h1 custom-color-heading  avia-builder-el-4  el_after_av_hr  el_before_av_hr'><h1 class='av-special-heading-tag'  itemprop=\"headline\"  >Data Protection Impact Assessment (DPIA) according to Article 35 DSGVO<\/h1><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kmomuatd-5-30b8c7f33af8007555f2eb40aec6752f\">\n#top .hr.hr-invisible.av-kmomuatd-5-30b8c7f33af8007555f2eb40aec6752f{\nheight:15px;\n}\n<\/style>\n<div  class='hr av-kmomuatd-5-30b8c7f33af8007555f2eb40aec6752f hr-invisible  avia-builder-el-5  el_after_av_heading  el_before_av_textblock'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n<section  class='av_textblock_section av-kmolmarf-58ea6c93863af752c467bd259759a925'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>The <strong>data protection impact assessment <\/strong>(DSFA) is in <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\" target=\"_blank\" rel=\"noopener\">Article 35 GDPR<\/a> and is a risk analysis that applies to the description and assessment of risks prior to the processing of certain data. The data protection impact assessment is a complex process within <a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/data-protection-basics\">data protection<\/a>which does not have to be carried out prior to every data processing activity, but in the case of particularly critical processing operations which either use a certain automated system, or <a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/personal-data\">individual-related data<\/a> special categories (according to <a href=\"https:\/\/help.robin-data.io\/artikel-9-dsgvo\" target=\"_blank\" rel=\"noopener\">Article 9<\/a> and the <a href=\"https:\/\/help.robin-data.io\/artikel-10-dsgvo\" target=\"_blank\" rel=\"noopener\">Article 10<\/a> of the GDPR). By assessing the risk during processing, this should be reduced.<\/p>\n<p>The risk analysis or impact assessment for data processing already existed in the BDSG (old). The corresponding procedure was regulated in Section 4d (5) and (6) and required prior checking as soon as automated processing operations entailed particular risks for the rights and freedoms of the data subjects.<\/p>\n<\/div><\/section><\/p><\/div>\n<div class='flex_column_table av-lw9umk-c302011db03bd6f2b09aed3e578ef903 sc-av_one_full av-equal-height-column-flextable'>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lw9umk-c302011db03bd6f2b09aed3e578ef903\">\n.flex_column.av-lw9umk-c302011db03bd6f2b09aed3e578ef903{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  id=\"uebersicht\"  class='flex_column av-lw9umk-c302011db03bd6f2b09aed3e578ef903 av_one_full  avia-builder-el-7  el_after_av_one_full  el_before_av_one_full  first flex_column_table_cell av-equal-height-column av-align-top av-zero-column-padding  column-top-margin'     ><section  class='av_textblock_section av-kiipug5e-a69566d46b299f3be16162a702095af7'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h2 class=\"av-special-heading-tag\">Most important information about the data protection impact assessment (DPIA):<\/h2>\n<\/div><\/section><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-isshb7-24dddb8db9fdd83ae2866349584da8d6\">\n#top .hr.hr-invisible.av-isshb7-24dddb8db9fdd83ae2866349584da8d6{\nheight:15px;\n}\n<\/style>\n<div  class='hr av-isshb7-24dddb8db9fdd83ae2866349584da8d6 hr-invisible  avia-builder-el-9  el_after_av_textblock  el_before_av_textblock'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n<section  class='av_textblock_section av-kymo5rx6-84035b060f382350e1750b704e42d639'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><ul>\n<li style=\"font-size: 20px;\">With the GDPR, data controllers are obliged to carry out a risk analysis for data processing.<\/li>\n<li style=\"font-size: 20px;\">This risk analysis is the basis for deciding whether a data protection impact assessment (abbreviated to \"DPIA\") must be prepared if a high risk arises<\/li>\n<li style=\"font-size: 20px;\">The legal requirements for DPIA are set out in the <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\" target=\"_blank\" rel=\"noopener\">Article 35 GDPR<\/a> described<\/li>\n<li style=\"font-size: 20px;\">Certain organisations are obliged to carry out a DSFA<\/li>\n<li style=\"font-size: 20px;\">The data protection supervisory authorities have drawn up lists of processing activities for which a DSFA must or must not be carried out<\/li>\n<li style=\"font-size: 20px;\">The performance of the DPIA as well as the implemented measures to reduce identified risks are part of the documentation and accountability obligation pursuant to\u00a0<a href=\"https:\/\/help.robin-data.io\/artikel-5-dsgvo\" target=\"_blank\" rel=\"noopener\">Art. 5 para. 2 GDPR.<\/a><\/li>\n<li style=\"font-size: 20px;\">The data protection officer shall assist the controller in carrying out the DSFA according to the <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\">Art. 35 (2) DSGVO<\/a>\u00a0support<\/li>\n<\/ul>\n<\/div><\/section><\/p><\/div><\/div><!--close column table wrapper. Autoclose: 1 -->\n<div class='flex_column_table av-lq5k8j-996dbcc7450f6d350c766d69ddc923d6 sc-av_one_full av-equal-height-column-flextable'>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lq5k8j-996dbcc7450f6d350c766d69ddc923d6\">\n.flex_column.av-lq5k8j-996dbcc7450f6d350c766d69ddc923d6{\nborder-radius:0px 0px 0px 0px;\npadding:25px 25px 25px 25px;\nbackground-color:#f7f7f7;\n}\n<\/style>\n<div  id=\"uebersicht\"  class='flex_column av-lq5k8j-996dbcc7450f6d350c766d69ddc923d6 av_one_full  avia-builder-el-11  el_after_av_one_full  el_before_av_one_full  first flex_column_table_cell av-equal-height-column av-align-top  column-top-margin'     ><section  class='av_textblock_section av-lfrz5v-ad3619179017d90ff56144b2eafd9d7f'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h2>Content on the topic of data protection impact assessment and DSFA:<\/h2>\n<\/div><\/section><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kymoau28-6368381a05f373764b9112004d0c1004\">\n#top .avia-icon-list-container.av-kymoau28-6368381a05f373764b9112004d0c1004 .iconlist_icon{\ncolor:#127db3;\nfont-size:20px;\n}\n#top .avia-icon-list-container.av-kymoau28-6368381a05f373764b9112004d0c1004 .iconlist_icon svg:first-child{\nstroke:#127db3;\nfill:#127db3;\nheight:20px;\nwidth:20px;\n}\n#top #wrap_all .avia-icon-list-container.av-kymoau28-6368381a05f373764b9112004d0c1004 .av_iconlist_title{\nfont-size:20px;\n}\n<\/style>\n<div  class='avia-icon-list-container av-kymoau28-6368381a05f373764b9112004d0c1004  avia-builder-el-13  el_after_av_textblock  el_before_av_hr'><ul class='avia-icon-list avia_animate_when_almost_visible avia-icon-list-left av-iconlist-small av-kymoau28-6368381a05f373764b9112004d0c1004 avia-iconlist-animate'>\n<li><div class='iconlist_icon av-4kben7-f7fe1afb4977c76f70c4145065c2bbe1 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#whitepaper&#039; title=&#039;Whitepaper: Implementing data protection impact assessment step-by-step in a data protection-compliant manner&#039;&gt;Whitepaper: Implementing data protection impact assessment step-by-step in a data protection-compliant manner&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#whitepaper' title='Whitepaper: Implementing data protection impact assessment step-by-step in a data protection-compliant manner'>Whitepaper: Implementing data protection impact assessment step-by-step in a data protection-compliant manner<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-4kben7-2-54ea22578107cd1dde8ed8b3b4f97234 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#hacks&#039; title=&#039;Robin Data Hacks: Carrying out the data protection impact assessment - incl. the DSK&#039;s must-do list&#039;&gt;Robin Data Hacks: Carrying out the data protection impact assessment - incl. the DSK&#039;s must-do list&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#hacks' title='Robin Data Hacks: Carrying out the data protection impact assessment - incl. the DSK&#039;s must-do list'>Robin Data Hacks: Carrying out the data protection impact assessment - incl. the DSK's must-do list<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-jmqdbn-ac4ee2778694e823de199c2abcea5234 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#definition-dsfa&#039; title=&#039;What is a data protection impact assessment?&#039;&gt;What is a data protection impact assessment?&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#definition-dsfa' title='What is a data protection impact assessment?'>What is a data protection impact assessment?<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-hdyhoj-001c26d0e984cd6a7c50090ede69ef4d avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#pflicht-dsfa&#039; title=&#039;The standard examples pursuant to Article 35 (3) of the GDPR: When is a data protection impact assessment mandatory?&#039;&gt;The standard examples pursuant to Article 35 (3) of the GDPR: When is a data protection impact assessment mandatory?&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#pflicht-dsfa' title='The standard examples pursuant to Article 35 (3) of the GDPR: When is a data protection impact assessment mandatory?'>The standard examples pursuant to Article 35 (3) of the GDPR: When is a data protection impact assessment mandatory?<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-fsdnrn-d9bccdc3793900de34a9625db071be25 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#zeitpunkt-dsfa&#039; title=&#039;At what point should the DPIA be carried out?&#039;&gt;At what point should the DPIA be carried out?&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#zeitpunkt-dsfa' title='At what point should the DPIA be carried out?'>At what point should the DPIA be carried out?<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-dzrwwz-c5a0c85af5eb47d10e382d2dd22207d7 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#muss-liste-dsfa&#039; title=&#039;What is the &amp;quot;must list&amp;quot; of a data protection impact assessment according to Art. 35 (4) GDPR?&#039;&gt;What is the &quot;must list&quot; of a data protection impact assessment according to Art. 35 (4) GDPR?&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#muss-liste-dsfa' title='What is the &quot;must list&quot; of a data protection impact assessment according to Art. 35 (4) GDPR?'>What is the \"must list\" of a data protection impact assessment according to Art. 35 (4) GDPR?<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-17khg3-6e0a6fe0852964387c23946fd7c957b9 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#mindestinhalte-dsfa&#039; title=&#039;What are the minimum contents according to Article 35 (7) GDPR?&#039;&gt;What are the minimum contents according to Article 35 (7) GDPR?&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#mindestinhalte-dsfa' title='What are the minimum contents according to Article 35 (7) GDPR?'>What are the minimum contents according to Article 35 (7) GDPR?<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-bgt3eb-c67002359041a577a2f35577a475dbfc avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#durchfuehrung-dsfa&#039; title=&#039;Carrying out the data protection impact assessment in 6 steps&#039;&gt;Carrying out the data protection impact assessment in 6 steps&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#durchfuehrung-dsfa' title='Carrying out the data protection impact assessment in 6 steps'>Carrying out the data protection impact assessment in 6 steps<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><ul>\n<li><a href=\"#schritt-1\">Step 1: Planning and analysis of the processing activity<\/a><\/li>\n<li><a href=\"#schritt-2\">Step 2: Check the need for a DPIA<\/a><\/li>\n<li><a href=\"#schritt-3\">Step 3: Assessment of processing activities by means of threshold analysis<\/a><\/li>\n<li><a href=\"#schritt-4\">Step 4: Assess the existing risks<\/a><\/li>\n<li><a href=\"#schritt-5\">Step 5: Selection of suitable measures to reduce the risks<\/a><\/li>\n<li><a href=\"#schritt-6\">Step 6: Documentation of performed DSFA <\/a><\/li>\n<\/ul>\n<\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-8is7zn-9ebe27e1318f659cbcdfe2a0d2cab77d avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#dsfa-rolle-dsb&#039; title=&#039;Is the implementation of the DPIA the responsibility of the data protection officer?&#039;&gt;Is the implementation of the DPIA the responsibility of the data protection officer?&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#dsfa-rolle-dsb' title='Is the implementation of the DPIA the responsibility of the data protection officer?'>Is the implementation of the DPIA the responsibility of the data protection officer?<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-7924qb-6ec495301207b37712cbda98d466e10c avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#bussgelder&#039; title=&#039;What can happen if companies do not perform a DPIA?&#039;&gt;What can happen if companies do not perform a DPIA?&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#bussgelder' title='What can happen if companies do not perform a DPIA?'>What can happen if companies do not perform a DPIA?<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-n4o8z-980ec9cab092f8ef798d42400cabb729 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#dsfa-rolle-dsb&#039; title=&#039;Is the implementation of the DPIA the responsibility of the data protection officer?&#039;&gt;Is the implementation of the DPIA the responsibility of the data protection officer?&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#dsfa-rolle-dsb' title='Is the implementation of the DPIA the responsibility of the data protection officer?'>Is the implementation of the DPIA the responsibility of the data protection officer?<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-kymoatd4-156ae6c144371e81b33798ee1fe9ca01 avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#dsfa-robin-data-software&#039; title=&#039;Data protection impact assessment with Robin Data software&#039;&gt;Data protection impact assessment with Robin Data software&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#dsfa-robin-data-software' title='Data protection impact assessment with Robin Data software'>Data protection impact assessment with Robin Data software<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><ul>\n<li><a href=\"#dsfa-robin-data-software\">Import processing activities<\/a><\/li>\n<li><a href=\"#dsfa-robin-data-software\">Perform threshold analysis<\/a><\/li>\n<li><a href=\"#dsfa-robin-data-software\">Carry out a risk assessment<\/a><\/li>\n<li><a href=\"#dsfa-robin-data-software\">Import technical and organisational measures<\/a><\/li>\n<li><a href=\"#dsfa-robin-data-software\">Implement data protection documentation on the side<\/a><\/li>\n<\/ul>\n<\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<li><div class='iconlist_icon av-4kben7-1-a66f58569262ddd791656a268c4d877e avia-font-fontello avia-iconfont avia-font-fontello'><span class='av-icon-char' data-av_icon='\ue806' data-av_iconfont='fontello' aria-hidden=\"true\"><\/span><\/div><article class=\"article-icon-entry av-iconlist-empty\"  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class=\"iconlist_content_wrap\"><header class=\"entry-content-header\" aria-label=\"Icon: &lt;a href=&#039;#downloads&#039; title=&#039;Publications and downloads&#039;&gt;Publications and downloads&lt;\/a&gt;\"><div class='av_iconlist_title iconlist_title_small'  itemprop=\"headline\" ><a href='#downloads' title='Publications and downloads'>Publications and downloads<\/a><\/div><\/header><div class='iconlist_content'  itemprop=\"text\" ><\/div><\/div><footer class=\"entry-footer\"><\/footer><\/article><div class=\"iconlist-timeline\"><\/div><\/li>\n<\/ul><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-20csjn-018ec89765dde53d5eea7cef935c031a\">\n#top .hr.hr-invisible.av-20csjn-018ec89765dde53d5eea7cef935c031a{\nheight:30px;\n}\n<\/style>\n<div  class='hr av-20csjn-018ec89765dde53d5eea7cef935c031a hr-invisible  avia-builder-el-14  el_after_av_iconlist  avia-builder-el-last'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><\/p><\/div><\/div><!--close column table wrapper. Autoclose: 1 -->\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kyu7b53u-fe1f5dc7f893b80db264fcb4e3213c62\">\n.flex_column.av-kyu7b53u-fe1f5dc7f893b80db264fcb4e3213c62{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  id=\"whitepaper\"  class='flex_column av-kyu7b53u-fe1f5dc7f893b80db264fcb4e3213c62 av_one_full  avia-builder-el-15  el_after_av_one_full  el_before_av_one_full  first flex_column_div av-zero-column-padding  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kyu77kuj-4322efd1d3ccc38872d3fbcfc2ba484a\">\n#top .av-special-heading.av-kyu77kuj-4322efd1d3ccc38872d3fbcfc2ba484a{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kyu77kuj-4322efd1d3ccc38872d3fbcfc2ba484a .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kyu77kuj-4322efd1d3ccc38872d3fbcfc2ba484a .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-kyu77kuj-4322efd1d3ccc38872d3fbcfc2ba484a av-special-heading-h2  avia-builder-el-16  el_before_av_image  avia-builder-el-first'><h2 class='av-special-heading-tag'  itemprop=\"headline\"  >Whitepaper Implementing data protection impact assessment step-by-step in line with data protection requirements<\/h2><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kyu78n5c-857289b47783137a5d6fb3699b61d6d4\">\n.avia-image-container.av-kyu78n5c-857289b47783137a5d6fb3699b61d6d4 img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-kyu78n5c-857289b47783137a5d6fb3699b61d6d4 .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-kyu78n5c-857289b47783137a5d6fb3699b61d6d4 av-styling- avia-align-left  avia-builder-el-17  el_after_av_heading  el_before_av_hr  tp_de2'   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" fetchpriority=\"high\" class='wp-image-13007 avia-img-lazy-loading-not-13007 avia_image' src=\"https:\/\/media.robin-data.io\/2021\/03\/25151312\/Cover-Whitepaper-DSFA-1030x429.png\" alt='Whitepaper: Implementing data protection impact assessment step-by-step in a data protection-compliant manner' title='Cover-Whitepaper-DSFA'  height=\"429\" width=\"1030\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/media.robin-data.io\/2021\/03\/25151312\/Cover-Whitepaper-DSFA-1030x429.png 1030w, https:\/\/media.robin-data.io\/2021\/03\/25151312\/Cover-Whitepaper-DSFA-300x125.png 300w, https:\/\/media.robin-data.io\/2021\/03\/25151312\/Cover-Whitepaper-DSFA-768x320.png 768w, https:\/\/media.robin-data.io\/2021\/03\/25151312\/Cover-Whitepaper-DSFA-18x7.png 18w, https:\/\/media.robin-data.io\/2021\/03\/25151312\/Cover-Whitepaper-DSFA-705x293.png 705w, https:\/\/media.robin-data.io\/2021\/03\/25151312\/Cover-Whitepaper-DSFA.png 1110w\" sizes=\"(max-width: 1030px) 100vw, 1030px\" \/><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-3owshf-e9b08a9a2631eaa66c5ff98582c133a8\">\n#top .hr.hr-invisible.av-3owshf-e9b08a9a2631eaa66c5ff98582c133a8{\nheight:15px;\n}\n<\/style>\n<div  class='hr av-3owshf-e9b08a9a2631eaa66c5ff98582c133a8 hr-invisible  avia-builder-el-18  el_after_av_image  el_before_av_textblock'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n<section  class='av_textblock_section av-kyu7at3w-e465b70b41855a6eb11c82501a52acd5'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p style=\"font-size: 20px; color: #00b3bd;\">In the whitepaper Data protection impact assessment step-by-step data protection compliant implementation you will find:<\/p>\n<ul>\n<li>Get information on the\u00a0<strong>Definition of the data protection impact assessment<\/strong><\/li>\n<li>Understand the\u00a0<strong>Legal requirements from Article 35 of the GDPR<\/strong><\/li>\n<li>Learn the\u00a0<strong>minimum legal requirements<\/strong>\u00a0to know about a DSFA<\/li>\n<li>Learn how to work in\u00a0<strong>only 6<\/strong><strong>\u00a0Steps\u00a0<\/strong>Implement a data protection impact assessment<\/li>\n<li>Including The\u00a0<strong>M<\/strong><strong>uss lists of the DSK and the BfDI<\/strong><\/li>\n<\/ul>\n<\/div><\/section><br \/>\n<br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-2vz4hf-b6633c1047a2235708309cd4ad8aa155\">\n.avia_message_box.av-2vz4hf-b6633c1047a2235708309cd4ad8aa155{\nbackground-color:rgba(244,150,0,0.3);\ncolor:#303440;\n}\n.avia_message_box.av-2vz4hf-b6633c1047a2235708309cd4ad8aa155 .avia_message_box_icon.avia-svg-icon svg:first-child{\nfill:#303440;\nstroke:#303440;\n}\n<\/style>\n<div id='avia-messagebox-' class='avia_message_box av_notification av-2vz4hf-b6633c1047a2235708309cd4ad8aa155 avia-color-custom avia-size-large avia-icon_select-no avia-border-  avia-builder-el-21  el_after_av_codeblock  avia-builder-el-last  tp_en2' ><div class=\"avia_message_box_content\"><p>Unfortunately this content is currently only available in German. Please feel free to <a href=\"https:\/\/www.robin-data.io\/en\/contact#formular\">contact us<\/a> for more information.<\/p>\n<\/div><\/div><\/p><\/div>\n<div  id=\"definition-dsfa\"  class='flex_column av-kyliff3g-463c774f63e5ad873666c8a3b3e0bf8c av_one_full  avia-builder-el-22  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kyli0fi6-fb4ee43a133d03ee57d6511431d32a85\">\n#top .av-special-heading.av-kyli0fi6-fb4ee43a133d03ee57d6511431d32a85{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kyli0fi6-fb4ee43a133d03ee57d6511431d32a85 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kyli0fi6-fb4ee43a133d03ee57d6511431d32a85 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-kyli0fi6-fb4ee43a133d03ee57d6511431d32a85 av-special-heading-h2  avia-builder-el-23  el_before_av_hr  avia-builder-el-first'><h2 class='av-special-heading-tag'  itemprop=\"headline\"  >What is a data protection impact assessment?<\/h2><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-mxqa03-812116eff938b7e3df2c5762f374cae0\">\n#top .hr.hr-invisible.av-mxqa03-812116eff938b7e3df2c5762f374cae0{\nheight:15px;\n}\n<\/style>\n<div  class='hr av-mxqa03-812116eff938b7e3df2c5762f374cae0 hr-invisible  avia-builder-el-24  el_after_av_heading  el_before_av_textblock'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n<section  class='av_textblock_section av-kylie52c-cc94273f40618ba77412995f61f07672'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>The <strong>Data protection impact assessment or \"DPIA\" for short<\/strong> is an instrument of the <a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/general-data-protection-regulation-eu-gdpr\">General Data Protection Regulation (GDPR)<\/a>to protect personal data in processing activities. This protection is ensured through a risk analysis, which is used to analyse the possible consequences of processing operations. The DPIA is therefore also considered part of the data protection <a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/compliance-management-in-the-company-3\">Risk management<\/a> considered. The data protection background is described in <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\" target=\"_blank\" rel=\"noopener\">Article 35 of the GDPR<\/a> defined.<\/p>\n<p>The aim of carrying out a DPIA is to take appropriate protective measures in the form of technical and organisational measures at an early stage in order to reduce the probability of occurrence of the identified risks.<\/p>\n<\/div><\/section><\/p><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylovi6e-e0484f93aa2e2de1ebb06743bd965d93\">\n.flex_column.av-kylovi6e-e0484f93aa2e2de1ebb06743bd965d93{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  id=\"pflicht-dsfa\"  class='flex_column av-kylovi6e-e0484f93aa2e2de1ebb06743bd965d93 av_one_full  avia-builder-el-26  el_after_av_one_full  el_before_av_one_full  first flex_column_div av-zero-column-padding  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylm8b7j-1521af926d0e9cb1048b6093a1706415\">\n#top .av-special-heading.av-kylm8b7j-1521af926d0e9cb1048b6093a1706415{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kylm8b7j-1521af926d0e9cb1048b6093a1706415 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kylm8b7j-1521af926d0e9cb1048b6093a1706415 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-kylm8b7j-1521af926d0e9cb1048b6093a1706415 av-special-heading-h2  avia-builder-el-27  el_before_av_hr  avia-builder-el-first'><h2 class='av-special-heading-tag'  itemprop=\"headline\"  >The standard examples pursuant to Article 35 (3) of the GDPR: When is a data protection impact assessment mandatory?<\/h2><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-k2mfgj-580e087a896628ceeae8972c2b38f79e\">\n#top .hr.hr-invisible.av-k2mfgj-580e087a896628ceeae8972c2b38f79e{\nheight:15px;\n}\n<\/style>\n<div  class='hr av-k2mfgj-580e087a896628ceeae8972c2b38f79e hr-invisible  avia-builder-el-28  el_after_av_heading  el_before_av_textblock'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n<section  class='av_textblock_section av-kylijl3y-aaa036114c8bd5b35bfd4efc5ec7196c'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>Every company should check planned data processing operations to see whether they entail a risk to the rights and freedoms of natural persons. However, not every processing activity entails the obligation to carry out a <strong>data protection impact assessment<\/strong>.<\/p>\n<p>In the <a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/general-data-protection-regulation-eu-gdpr\">General Data Protection Regulation<\/a> in <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\" target=\"_blank\" rel=\"noopener\">Art. 35 Para. 3<\/a> is a general description of the three so-called \"<strong>examples of rules\"<\/strong> which require a data protection impact assessment in any case:<\/p>\n<ul>\n<li><strong>Systematic and comprehensive assessment<\/strong> personal aspects of natural persons which are related to automated processing including <strong>profiling<\/strong> and which in turn serves as the basis for decisions which have legal effect vis-\u00e0-vis natural persons or affect them in a similarly significant way;<\/li>\n<li><strong>Extensive processing of special categories<\/strong> personal data referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10 (e.g. health data), or<\/li>\n<li><strong>Systematic comprehensive monitoring<\/strong> publicly accessible areas (e.g. video surveillance);<\/li>\n<\/ul>\n<p>From these three points, three cases can be derived in which public and non-public bodies are obliged to carry out a DSFA prior check:<\/p>\n<ul>\n<li>Credit reporting agencies that deal with personal <strong>scoring procedure<\/strong> work<\/li>\n<li>Organisations that systematically <strong>monitor publicly accessible rooms by video<\/strong><\/li>\n<li class=\"translation-block\">Organisations that collect, store and process <strong>data<\/strong> relating to <strong>criminal offences and criminal convictions<\/strong><\/li>\n<\/ul>\n<\/div><\/section><\/p><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylowrqw-2a8cdb01661da76baa968a03de3fff72\">\n.flex_column.av-kylowrqw-2a8cdb01661da76baa968a03de3fff72{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  id=\"zeitpunkt-dsfa\"  class='flex_column av-kylowrqw-2a8cdb01661da76baa968a03de3fff72 av_one_full  avia-builder-el-30  el_after_av_one_full  el_before_av_one_full  first flex_column_div av-zero-column-padding  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kyljsk2v-e1c904d15bec6ee75b693375030517fd\">\n#top .av-special-heading.av-kyljsk2v-e1c904d15bec6ee75b693375030517fd{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kyljsk2v-e1c904d15bec6ee75b693375030517fd .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kyljsk2v-e1c904d15bec6ee75b693375030517fd .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  id=\"zeitpunkt-dsfa\"  class='av-special-heading av-kyljsk2v-e1c904d15bec6ee75b693375030517fd av-special-heading-h3 blockquote modern-quote  avia-builder-el-31  el_before_av_hr  avia-builder-el-first'><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >At what point should the DPIA be carried out?<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-1zausz-758d9831abc3c3c8c2684774317e4262\">\n#top .hr.hr-invisible.av-1zausz-758d9831abc3c3c8c2684774317e4262{\nheight:15px;\n}\n<\/style>\n<div  class='hr av-1zausz-758d9831abc3c3c8c2684774317e4262 hr-invisible  avia-builder-el-32  el_after_av_heading  el_before_av_textblock'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n<section  class='av_textblock_section av-h133kz-ce81ad6753e2a599389c7f734268a615'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>A data protection impact assessment is a complex process of <strong>before starting processing<\/strong> must be carried out. However, existing processing activities must also be reviewed to determine whether they also fall under the obligation of a DPIA. The <a href=\"https:\/\/www.lda.bayern.de\/media\/dsk_kpnr_5_dsfa.pdf\" target=\"_blank\" rel=\"noopener\">Data Protection Conference (DSK)<\/a> assesses the preparation of a DPIA as relatively time-consuming and recommends its implementation, supported by a data protection management system. Especially since the preparation of the data protection impact assessment is not a one-time process, but rather a continuous process of preparation, execution, implementation and review. The assessment of risks per processing activity is linked to the <a href=\"https:\/\/www.robin-data.io\/en\/complianceos\" target=\"_blank\" rel=\"noopener\">Robin Data ComplianceOS\u00ae<\/a> possible.<\/p>\n<\/div><\/section><\/p><\/div>\n<div  id=\"muss-liste-dsfa\"  class='flex_column av-kyllgv5a-d5b61246e72e2434e3178936e73cfcce av_one_full  avia-builder-el-34  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylkn9rl-195ac1a4a3d48f0124f940bbfc3078ea\">\n#top .av-special-heading.av-kylkn9rl-195ac1a4a3d48f0124f940bbfc3078ea{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kylkn9rl-195ac1a4a3d48f0124f940bbfc3078ea .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kylkn9rl-195ac1a4a3d48f0124f940bbfc3078ea .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-kylkn9rl-195ac1a4a3d48f0124f940bbfc3078ea av-special-heading-h3  avia-builder-el-35  el_before_av_hr  avia-builder-el-first'><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >What is the must list of a data protection impact assessment according to Art. 35 (4) GDPR?<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-gd2wgz-c49fa092cce95248a8b679873da21ce1\">\n#top .hr.hr-invisible.av-gd2wgz-c49fa092cce95248a8b679873da21ce1{\nheight:15px;\n}\n<\/style>\n<div  class='hr av-gd2wgz-c49fa092cce95248a8b679873da21ce1 hr-invisible  avia-builder-el-36  el_after_av_heading  el_before_av_textblock'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n<section  class='av_textblock_section av-kyllgl4b-8782917b6a4ee3e7af0efb9755729b5d'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>According to <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\" target=\"_blank\" rel=\"noopener\">Art. 35 (4) DSGVO<\/a> data protection supervisory authorities shall be obliged to publish a list of the processing operations for which a data protection impact assessment is to be carried out in accordance with paragraph 1. The supervisory authority shall communicate those lists to the Committee referred to in Article 68.<\/p>\n<p>You will find an <strong>Overview of the must-do lists per federal state<\/strong> you will find in the section <a href=\"#downloads\">Publications and downloads<\/a>.<\/p>\n<p>If a processing activity is included in the list, a data protection impact assessment must be carried out for it. The lists of the supervisory authorities are continuously extended and are therefore not to be regarded as conclusive. As a matter of principle, controllers must check whether one of the cases from <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\" target=\"_blank\" rel=\"noopener\">Art. 35 (3) DSGVO<\/a> or a high risk according to <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\" target=\"_blank\" rel=\"noopener\">Art. 35 para. 1 DSGVO<\/a> is available.<\/p>\n<\/div><\/section><br \/>\n<div id='avia-messagebox-' class='avia_message_box av_notification av-e0e7dv-4bf27c2d80f86559fc153457def8ea0b avia-color-blue avia-size-large avia-icon_select-yes avia-border-  avia-builder-el-38  el_after_av_textblock  avia-builder-el-last' ><span class='avia_message_box_title' >Note<\/span><div class=\"avia_message_box_content\"><span class='avia_message_box_icon avia-iconfont avia-font-entypo-fontello' data-av_icon='\ue864' data-av_iconfont='entypo-fontello' ><\/span><p>We continuously incorporate the current status of the positive and negative lists of the data protection supervisory authorities into our Robin Data software. So you have all the information in one place.<\/p>\n<\/div><\/div><\/p><\/div>\n<div  id=\"mindestinhalt-dsfa\"  class='flex_column av-kyllihfg-02b98452307a8e8be813e4d7eb62138c av_one_full  avia-builder-el-39  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylkjtfy-3032a838b9b46af0b847ad1f19bb33a9\">\n#top .av-special-heading.av-kylkjtfy-3032a838b9b46af0b847ad1f19bb33a9{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kylkjtfy-3032a838b9b46af0b847ad1f19bb33a9 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kylkjtfy-3032a838b9b46af0b847ad1f19bb33a9 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  id=\"mindestinhalte-dsfa\"  class='av-special-heading av-kylkjtfy-3032a838b9b46af0b847ad1f19bb33a9 av-special-heading-h3  avia-builder-el-40  el_before_av_hr  avia-builder-el-first'><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >What are the minimum contents of the data protection impact assessment pursuant to Article 35 (7) of the GDPR?<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-c86lsj-716aaaa5649e4b9a3b21f7f4c5fb2b66\">\n#top .hr.hr-invisible.av-c86lsj-716aaaa5649e4b9a3b21f7f4c5fb2b66{\nheight:15px;\n}\n<\/style>\n<div  class='hr av-c86lsj-716aaaa5649e4b9a3b21f7f4c5fb2b66 hr-invisible  avia-builder-el-41  el_after_av_heading  el_before_av_textblock'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n<section  class='av_textblock_section av-kylkii47-e06ca36821c67843e4c9fb776f8aca7a'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>According to <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\" target=\"_blank\" rel=\"noopener\">Art. 35 (7) DSGVO<\/a> are the minimum requirements for carrying out an <strong>impact assessment<\/strong> described as follows:<\/p>\n<ol style=\"list-style-type: lower-alpha;\">\n<li>a systematic description of the intended processing operations and the purposes of the processing, including, where appropriate, the legitimate interests pursued by the controller;<\/li>\n<li>an assessment of the necessity and proportionality of the processing operations in relation to the purpose;<\/li>\n<li>an assessment of the risks to the rights and freedoms of the data subjects referred to in paragraph 1; and<\/li>\n<li>the mitigating measures envisaged to address the risks, including safeguards, security measures and procedures to ensure the protection of personal data and to demonstrate compliance with this Regulation, taking into account the rights and legitimate interests of data subjects and other data subjects.<\/li>\n<\/ol>\n<\/div><\/section><\/p><\/div>\n<div  id=\"durchfuehrung-dsfa\"  class='flex_column av-kyljrh6f-0e4a5ccc685c6d4e1618f9e5a67ad286 av_one_full  avia-builder-el-43  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylp1a6o-129c2e786cca20687782b681657d0e20\">\n#top .av-special-heading.av-kylp1a6o-129c2e786cca20687782b681657d0e20{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kylp1a6o-129c2e786cca20687782b681657d0e20 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kylp1a6o-129c2e786cca20687782b681657d0e20 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  id=\"durchfuehrung-dsfa\"  class='av-special-heading av-kylp1a6o-129c2e786cca20687782b681657d0e20 av-special-heading-h2  avia-builder-el-44  avia-builder-el-no-sibling'><h2 class='av-special-heading-tag'  itemprop=\"headline\"  >Carrying out the data protection impact assessment in 6 steps<\/h2><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><\/div>\n<div  id=\"schritt-1\"  class='flex_column av-kylp2dia-83add59d9d8df002e4f395b1c4cb32cf av_one_full  avia-builder-el-45  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kyljsbgr-5ea7fb28fd130aea62f616d46ce58f4b\">\n#top .av-special-heading.av-kyljsbgr-5ea7fb28fd130aea62f616d46ce58f4b{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kyljsbgr-5ea7fb28fd130aea62f616d46ce58f4b .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kyljsbgr-5ea7fb28fd130aea62f616d46ce58f4b .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  id=\"schwellwertanalyse\"  class='av-special-heading av-kyljsbgr-5ea7fb28fd130aea62f616d46ce58f4b av-special-heading-h3 blockquote modern-quote  avia-builder-el-46  el_before_av_textblock  avia-builder-el-first'><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >Step 1: Planning and analysis of the processing activity<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-kylk3nnz-20ded0c7d6f0c88d4b88a36c92679a79'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>The data protection impact assessment should be carried out before the introduction of the processing activity. As a first step, data controllers should therefore collect and describe planned processing activities and then check them by means of risk analysis. Existing processing activities must also be checked to see whether they also fall under the obligation of a data protection impact assessment. The preparation of the data protection impact assessment should not be regarded as a one-off process, but as a continuous process within data protection management.<\/p>\n<\/div><\/section><\/p><\/div>\n<div  id=\"schritt-2\"  class='flex_column av-kylp3bv8-1abbe3de295273bfe54788a9fd0f8574 av_one_full  avia-builder-el-48  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylokg4j-01490da0b6a1e5bf79e7970bf31ffd38\">\n#top .av-special-heading.av-kylokg4j-01490da0b6a1e5bf79e7970bf31ffd38{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kylokg4j-01490da0b6a1e5bf79e7970bf31ffd38 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kylokg4j-01490da0b6a1e5bf79e7970bf31ffd38 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-kylokg4j-01490da0b6a1e5bf79e7970bf31ffd38 av-special-heading-h3 blockquote modern-quote  avia-builder-el-49  el_before_av_textblock  avia-builder-el-first'><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >Step 2: Check the need for a DPIA<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-bcxryr-838001bd54150a7698152419e1cfe132'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p><strong>The following approach is recommended:<\/strong><\/p>\n<ul>\n<li>Check: Is the processing activity part of the \"<a href=\"#downloads\">Must-List<\/a>\" of the competent supervisory authority)<\/li>\n<li>If not: If one of the points under <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\" target=\"_blank\" rel=\"noopener\">Art. 35 (3) DSGVO<\/a> to the processing activity?<\/li>\n<li>If not: Is there a high risk according to <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\" target=\"_blank\" rel=\"noopener\">Art. 35 para. 1 DSGVO<\/a> before? (Carry out the <a href=\"#schwellwertanalyse\">Threshold analysis<\/a>)<\/li>\n<li>If not: No data protection impact assessment needs to be carried out<\/li>\n<\/ul>\n<\/div><\/section><\/p><\/div>\n<div  id=\"schritt-1\"  class='flex_column av-4mgcpf-967ceeb500a1b9d671563fd744fff60b av_one_full  avia-builder-el-51  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kyo64sss-863b98ba966a13adaddbe12aa145ba96\">\n#top .av-special-heading.av-kyo64sss-863b98ba966a13adaddbe12aa145ba96{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kyo64sss-863b98ba966a13adaddbe12aa145ba96 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kyo64sss-863b98ba966a13adaddbe12aa145ba96 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  id=\"schritt-3\"  class='av-special-heading av-kyo64sss-863b98ba966a13adaddbe12aa145ba96 av-special-heading-h3 blockquote modern-quote  avia-builder-el-52  el_before_av_textblock  avia-builder-el-first'><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >Step 3: Assessment of processing activities by means of threshold analysis<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-38mddf-291f517d22d72179db482bec81553647'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>The register of processing activities contains all data processing processes of your company. The better the documentation of the processing activities, the easier the subsequent data protection impact assessment. Accordingly, the directory is also the starting point for the DPIA and, at best, the following is done directly in it <strong>threshold analysis of the respective processing activity<\/strong> and the classification of whether the respective processing activity requires a data protection impact assessment.<\/p>\n<ul class=\"m-bulletpoint\">\n<li>Controllers can assess whether a DIA needs to be carried out for processing activities by means of a systematic risk assessment, the so-called threshold analysis.<\/li>\n<li>The results of the threshold analysis are part of the data protection documentation<\/li>\n<li>It is recommended to document the threshold analysis in the respective processing activity<\/li>\n<li>The preliminary stage of a risk analysis is an assessment of the need for protection of the personal data to be processed based on the types of data (customer data, employee data, tax data, health data, etc.).<\/li>\n<\/ul>\n<p>A data protection impact assessment is necessary for a processing activity if the majority of the <strong>threshold analysis criteria<\/strong> are fulfilled. The criteria are taken from the <a href=\"https:\/\/www.datenschutz-bayern.de\/technik\/orient\/wp248.pdf\" target=\"_blank\" rel=\"noopener\">WP 248 Rev. 01<\/a> to classify processing operations and are the following:<\/p>\n<ul>\n<li>Data of vulnerable data subjects are processed<\/li>\n<li>Transfer of personal data outside the EU takes place<\/li>\n<li>Novel technologies are used<\/li>\n<li>Scoring, profiling, evaluation of persons is carried out<\/li>\n<li>Data files of personal data are compared or merged<\/li>\n<li>Systematic monitoring of persons is carried out<\/li>\n<li>Personal data on a large scale are processed<\/li>\n<li>Impeded exercise of data subjects' rights exists<\/li>\n<li>Sensitive personal data are processed (Pursuant to Art. 9 DSGVO)<\/li>\n<li>Automated individual case decisions are carried out<\/li>\n<\/ul>\n<\/div><\/section><\/p><\/div>\n<div  id=\"schritt-3\"  class='flex_column av-kylp4ael-6f7d9e24480298e916b885a5225f489f av_one_full  avia-builder-el-54  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylnoder-50fe9fc566845023b0e959298d23cbe3\">\n#top .av-special-heading.av-kylnoder-50fe9fc566845023b0e959298d23cbe3{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kylnoder-50fe9fc566845023b0e959298d23cbe3 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kylnoder-50fe9fc566845023b0e959298d23cbe3 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  id=\"schritt-4\"  class='av-special-heading av-kylnoder-50fe9fc566845023b0e959298d23cbe3 av-special-heading-h3 blockquote modern-quote  avia-builder-el-55  el_before_av_textblock  avia-builder-el-first'><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >Step 4: Assess the existing risks<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-kylo4ikc-3f12088f7444a7c7fc7e59734d1a51d7'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>Once the existing risks have been identified on the basis of the processing activities in the company, the level of risk to the rights and freedoms of natural persons must be assessed. For this purpose, the following aspects (<a href=\"https:\/\/help.robin-data.io\/erwgr-75-dsgvo\" target=\"_blank\" rel=\"noopener\">Recital 75 of the GDPR<\/a>) in more detail:<\/p>\n<ul>\n<li><strong>Probability of occurrence and amount of damage: <\/strong>The probability of occurrence and the amount of damage of a risk can be classified as negligible, low, medium or high.<\/li>\n<li><strong>Danger to the civil liberties of those affected: <\/strong>The processing of personal data that does not comply with data protection law can have far-reaching consequences. It can lead to physical, material or non-material damage. In particular, if the processing leads to discrimination, identity theft or fraud, financial loss, damage to reputation, and more.<\/li>\n<li><strong>Assessment of the risk: <\/strong>On the basis of the possible consequences for the civil liberties of those affected, the overall risk for those affected must be assessed. The consequences for those affected range from no impairment, no particular impairment, impairment of reputation, existence or even danger to life, limb or personal freedom.<\/li>\n<li><strong>Risk minimisation measures:\u00a0<\/strong>Based on the previous steps, measures must therefore be defined with the help of which the existing risk can be avoided, transferred or mitigated.<\/li>\n<li><strong>Implementation effort: <\/strong>The effort of the measures to be implemented should also be included. Measures should be implementable with a proportionate effort in relation to the purpose, risk and possibilities of the responsible party.<\/li>\n<li><strong>Risk assessment after the measure has been taken: <\/strong>Controllers then assess whether the risk has been adequately reduced on the basis of the measures implemented. If the risk has not been adequately reduced, the processing activity concerned may not be continued.<\/li>\n<\/ul>\n<\/div><\/section><\/p><\/div>\n<div  id=\"schritt-4\"  class='flex_column av-kylp5fsm-a9f4a2ae017613b7c13499f41877d7a2 av_one_full  avia-builder-el-57  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylo9n2q-2b5b6b2dc95d8365916a3c7c63a60e12\">\n#top .av-special-heading.av-kylo9n2q-2b5b6b2dc95d8365916a3c7c63a60e12{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kylo9n2q-2b5b6b2dc95d8365916a3c7c63a60e12 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kylo9n2q-2b5b6b2dc95d8365916a3c7c63a60e12 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  id=\"schritt-5\"  class='av-special-heading av-kylo9n2q-2b5b6b2dc95d8365916a3c7c63a60e12 av-special-heading-h3 blockquote modern-quote  avia-builder-el-58  el_before_av_textblock  avia-builder-el-first'><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >Step 5: Selection of suitable measures to reduce the risks<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-kylo971m-6d6ba4975018da70fa1146f86fdade50'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>The identified risks must be reduced or even prevented by appropriate measures. For this purpose, appropriate technical or organisational measures are selected, assessed and implemented. If it turns out during implementation that planned measures are not effective or sufficient to reduce the risks, new measures must be selected or the processing activities must be adapted. After the measures have been established, they are tested for their effectiveness.<\/p>\n<\/div><\/section><\/p><\/div>\n<div  id=\"schritt-5\"  class='flex_column av-kylp6dr5-10f1e3908637499e5c158bbaf616627a av_one_full  avia-builder-el-60  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylobf7e-6c4e8d01a33f373478bb02a70f1bf557\">\n#top .av-special-heading.av-kylobf7e-6c4e8d01a33f373478bb02a70f1bf557{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kylobf7e-6c4e8d01a33f373478bb02a70f1bf557 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kylobf7e-6c4e8d01a33f373478bb02a70f1bf557 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  id=\"schritt-6\"  class='av-special-heading av-kylobf7e-6c4e8d01a33f373478bb02a70f1bf557 av-special-heading-h3 blockquote modern-quote  avia-builder-el-61  el_before_av_textblock  avia-builder-el-first'><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >Step 6: Documentation of the data protection impact assessment carried out<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-kyloihpy-7df7ece9f834c336a941864f4438c6f6'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>According to <a href=\"https:\/\/help.robin-data.io\/artikel-5-dsgvo\" target=\"_blank\" rel=\"noopener\">Art. 5 para. 2 GDPR.<\/a> the controller is obliged to comply with a documentation and accountability obligation by which compliance with the General Data Protection Regulation must be demonstrated to the supervisory authority. The documentation of the data protection impact assessment carried out and a confirmation of the effectiveness of the implemented measures are important building blocks for fulfilling this obligation.<\/p>\n<\/div><\/section><\/p><\/div>\n<div  id=\"video\"  class='flex_column av-l0s6tvhr-4c6a5794c567a1c5fb7d18bf1e1c286f av_one_full  avia-builder-el-63  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kmorlk0z-7d9f6d800898e8f2c5b6a241cc5d6d17\">\n.flex_column.av-kmorlk0z-7d9f6d800898e8f2c5b6a241cc5d6d17{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  id=\"bussgelder\"  class='flex_column av-kmorlk0z-7d9f6d800898e8f2c5b6a241cc5d6d17 av_one_full  avia-builder-el-65  el_after_av_one_full  el_before_av_one_full  first flex_column_div av-zero-column-padding  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-ari0j-15960d4279f95721b385ed79e4cef38f\">\n#top .av-special-heading.av-ari0j-15960d4279f95721b385ed79e4cef38f{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-ari0j-15960d4279f95721b385ed79e4cef38f .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-ari0j-15960d4279f95721b385ed79e4cef38f .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-ari0j-15960d4279f95721b385ed79e4cef38f av-special-heading-h2 blockquote modern-quote  avia-builder-el-66  el_before_av_textblock  avia-builder-el-first'><h2 class='av-special-heading-tag'  itemprop=\"headline\"  >What can happen if companies do not perform a DPIA?<\/h2><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-kmolmarf-3-8cfc0caf2a61903d774cd444c03dc7d4'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>Insofar as a company does not carry out a data protection impact assessment, although this would be necessary, in the mildest case there is the threat of warnings and in the worst case fines by the data protection supervisory authorities.  Thus, according to <a href=\"https:\/\/help.robin-data.io\/artikel-83-dsgvo\" target=\"_blank\" rel=\"noopener\">Article 83(4) of the GDPR<\/a> fines for breaches of provisions relating to data protection impact assessment of up to EUR 10 million or, in the case of an undertaking, of up to 2 % of its total annual worldwide turnover in the preceding business year, whichever is the greater.<\/p>\n<\/div><\/section><\/p><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylp7mn1-10021cd2bfe53e5df2babac054cf8ad7\">\n.flex_column.av-kylp7mn1-10021cd2bfe53e5df2babac054cf8ad7{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  id=\"dsfa-rolle-dsb\"  class='flex_column av-kylp7mn1-10021cd2bfe53e5df2babac054cf8ad7 av_one_full  avia-builder-el-68  el_after_av_one_full  el_before_av_one_full  first flex_column_div av-zero-column-padding  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylmxiib-baf06cfbc90f6b7889fd139f594ba067\">\n#top .av-special-heading.av-kylmxiib-baf06cfbc90f6b7889fd139f594ba067{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kylmxiib-baf06cfbc90f6b7889fd139f594ba067 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kylmxiib-baf06cfbc90f6b7889fd139f594ba067 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  id=\"dsfa-rolle-dsb\"  class='av-special-heading av-kylmxiib-baf06cfbc90f6b7889fd139f594ba067 av-special-heading-h2 blockquote modern-quote  avia-builder-el-69  el_before_av_textblock  avia-builder-el-first'><h2 class='av-special-heading-tag'  itemprop=\"headline\"  >Is the implementation of the DPIA the responsibility of the data protection officer?<\/h2><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-kylmwijg-de1d735345647d042b5e8d54394916f0'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>According to <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\" target=\"_blank\" rel=\"noopener\">Article 35(1) GDPR<\/a> the controller must carry out the data protection impact assessment. Since the DSFA is a complex procedure, the <a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/data-protection-officer-gdpr\">Data Protection Officer<\/a> during the implementation according to <a href=\"https:\/\/help.robin-data.io\/artikel-35-dsgvo\">Art. 35 (2) DSGVO<\/a> support. This only applies in the event that a data protection officer has been appointed.<\/p>\n<\/div><\/section><\/p><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-5en877-ab92a72cf9e16101475a4c1f603cbca3\">\n.flex_column.av-5en877-ab92a72cf9e16101475a4c1f603cbca3{\npadding:35px 25px 30px 25px;\nbackground-color:#b3dff1;\n}\n<\/style>\n<div  class='flex_column av-5en877-ab92a72cf9e16101475a4c1f603cbca3 av_one_full  avia-builder-el-71  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><section  class='av_textblock_section av-kympdjbv-4efe73ab7b8e2fdd35a310eac54c3652'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p style=\"font-size: 20px;\"><strong>Support in the implementation of DPIAs<\/strong><\/p>\n<p>Implementing the various legal and normative requirements of data protection impact assessment can seem complicated. Regular reviews and updates of processing activities and data subject risk assessment are an essential part of your data protection management system. Our Data Protection Officers (DPOs) are happy to help you implement your DPIAs. Find out about the benefits, process and costs with Robin Data.<\/p>\n<\/div><\/section><br \/>\n<div  class='avia-button-wrap av-kympdzvv-014a1ea5a40d326c13e33de94f90e21a-wrap avia-button-left  avia-builder-el-73  el_after_av_textblock  avia-builder-el-last'><a href='https:\/\/www.robin-data.io\/en\/data-protection-impact-assessment-2'  class='avia-button av-kympdzvv-014a1ea5a40d326c13e33de94f90e21a av-link-btn avia-icon_select-no avia-size-large avia-position-left avia-color-theme-color'   aria-label=\"Discover COS function DFSA\"><span class='avia_iconbox_title' >Discover COS function DFSA<\/span><\/a><\/div><\/p><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kymp686w-fafc242eb808c3ba8440651354957f49\">\n.flex_column.av-kymp686w-fafc242eb808c3ba8440651354957f49{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  id=\"dsfa-robin-data-software\"  class='flex_column av-kymp686w-fafc242eb808c3ba8440651354957f49 av_one_full  avia-builder-el-74  el_after_av_one_full  el_before_av_one_full  first flex_column_div av-zero-column-padding  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kymp6te8-c9bf8affb0c78e4545d45db22e60d614\">\n#top .av-special-heading.av-kymp6te8-c9bf8affb0c78e4545d45db22e60d614{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kymp6te8-c9bf8affb0c78e4545d45db22e60d614 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kymp6te8-c9bf8affb0c78e4545d45db22e60d614 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  id=\"dsfa-rolle-dsb\"  class='av-special-heading av-kymp6te8-c9bf8affb0c78e4545d45db22e60d614 av-special-heading-h2 blockquote modern-quote  avia-builder-el-75  el_before_av_textblock  avia-builder-el-first'><h2 class='av-special-heading-tag'  itemprop=\"headline\"  >Data protection impact assessment with Robin Data software<\/h2><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<section  class='av_textblock_section av-kymodhti-29cfdaf8b0c942f615365270ffb34adf'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h3>Import processing activities<\/h3>\n<p>The special thing about Robin Data is that the data protection software already has thousands\u00a0<strong>examples and templates<\/strong> from the area of data protection. These have been added by Robin Data's data protection officers and lawyers to the database of our\u00a0<a href=\"https:\/\/www.robin-data.io\/en\/complianceos\">compliance platform.<\/a> entered into the system. You can import the processing activities that apply to your company from the Robin Data database with just a few clicks.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/fs.hubspotusercontent00.net\/hubfs\/4971201\/Bilder\/Datenschutz-Software\/verzeichnis-der-verarbeitungstaetigkeiten-importieren.jpg\" alt=\"Import the processing activity templates into your data protection documentation\" width=\"849\" height=\"672\" \/><\/p>\n<h3>Perform threshold analysis<\/h3>\n<p>Use the online form to assess the risks posed to data subjects by this processing activity. As a rule of thumb, a data protection impact assessment is required if at least 2 or more of the following criteria are met <em>fulfilled.<\/em> If necessary, it is necessary to prepare a data protection impact assessment.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/media.robin-data.io\/2022\/01\/20090431\/verzeichnis-der-verarbeitungstaetigkeiten-risikobewertung.jpg\" alt=\"Import the processing activity templates into your data protection documentation\" width=\"849\" height=\"672\" \/><\/p>\n<h3>Carry out a data protection impact assessment<\/h3>\n<p>You can create several DPIAs per processing activity and thus treat several risks of this procedure separately. In many cases, it may be appropriate to prepare only one DPIA per procedure. You develop the necessary contents of the data protection impact assessment step by step and establish relevant contents for risk treatment.<\/p>\n<h3>Technical or organisational measures<\/h3>\n<p>Search Robin Data's database for suitable risk reduction measures and import them into your data protection documentation. You can store the selected measures directly with the corresponding processing activity.<\/p>\n<h3>Implement data protection documentation on the side<\/h3>\n<p>By working out the relevant steps for a data protection impact assessment in the Robin Data software, you document them simultaneously and automatically. You can export important components such as the list of processing activities as a PDF from the software and save it locally. In this way, you comply with the verification and accountability obligations of the GDPR and are prepared for an inspection by a data protection supervisory authority.<\/p>\n<\/div><\/section><\/p><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-4qwob7-57b5d79189029676fdac1bfe30ea1a8e\">\n.flex_column.av-4qwob7-57b5d79189029676fdac1bfe30ea1a8e{\npadding:35px 25px 30px 25px;\nbackground-color:#b3dff1;\n}\n<\/style>\n<div  class='flex_column av-4qwob7-57b5d79189029676fdac1bfe30ea1a8e av_one_full  avia-builder-el-77  el_after_av_one_full  el_before_av_one_full  first flex_column_div  column-top-margin'     ><section  class='av_textblock_section av-31hdtv-5b7c2aaf8d22d06ace85998ade832696'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p style=\"font-size: 20px;\"><strong>Visit our free demos<\/strong><\/p>\n<p>We regularly offer online demos in which we introduce you to our Robin Data data protection software. Get insight into the structure and functional scope of the digital activity report of the Robin Data software. Our experts will give you and other interested parties comprehensive insight and answer your questions.<\/p>\n<\/div><\/section><br \/>\n<div  class='avia-button-wrap av-kymphk5y-7bc88d51f150d2680e1c5269931e7610-wrap avia-button-left  avia-builder-el-79  el_after_av_textblock  avia-builder-el-last'><a href='https:\/\/www.robin-data.io\/en\/events\/demo'  class='avia-button av-kymphk5y-7bc88d51f150d2680e1c5269931e7610 av-link-btn avia-icon_select-no avia-size-large avia-position-left avia-color-theme-color'   aria-label=\"Book a demo\"><span class='avia_iconbox_title' >Book a demo<\/span><\/a><\/div><\/p><\/div>\n<div  id=\"downloads\"  class='flex_column av-kylihz0k-0d9c674bf8db31a02a991f9475d05aab av_one_full  avia-builder-el-80  el_after_av_one_full  el_before_av_hr  first flex_column_div  column-top-margin'     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylii7vx-4cc3eeaf45088a6fec7691c6a3161ba4\">\n#top .av-special-heading.av-kylii7vx-4cc3eeaf45088a6fec7691c6a3161ba4{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-kylii7vx-4cc3eeaf45088a6fec7691c6a3161ba4 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-kylii7vx-4cc3eeaf45088a6fec7691c6a3161ba4 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-kylii7vx-4cc3eeaf45088a6fec7691c6a3161ba4 av-special-heading-h2 blockquote modern-quote  avia-builder-el-81  el_before_av_hr  avia-builder-el-first'><h2 class='av-special-heading-tag'  itemprop=\"headline\"  >Publications and downloads<\/h2><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-x2trn-b453adec68b7d7fd28995768f3ac61a1\">\n#top .hr.hr-invisible.av-x2trn-b453adec68b7d7fd28995768f3ac61a1{\nheight:15px;\n}\n<\/style>\n<div  class='hr av-x2trn-b453adec68b7d7fd28995768f3ac61a1 hr-invisible  avia-builder-el-82  el_after_av_heading  el_before_av_toggle_container'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kylj9mcv-e6960d78d6751c58d64b2f1ee4614a73\">\n#top .togglecontainer.av-kylj9mcv-e6960d78d6751c58d64b2f1ee4614a73 p.toggler{\ncolor:#303440;\nbackground-color:#f7f7f7;\nborder-color:#ffffff;\n}\n#top .togglecontainer.av-kylj9mcv-e6960d78d6751c58d64b2f1ee4614a73 p.toggler.activeTitle{\ncolor:#127db3;\nborder-color:#127db3;\n}\n#top .togglecontainer.av-kylj9mcv-e6960d78d6751c58d64b2f1ee4614a73 p.toggler:not(.activeTitle):hover{\ncolor:#ffffff;\nbackground-color:#127db3;\n}\n#top .togglecontainer.av-kylj9mcv-e6960d78d6751c58d64b2f1ee4614a73 p.toggler:not(.activeTitle):hover .toggle_icon, #top .togglecontainer.av-kylj9mcv-e6960d78d6751c58d64b2f1ee4614a73 p.toggler:not(.activeTitle):hover .toggle_icon *{\nborder-color:#ffffff !important;\n}\n#top .togglecontainer.av-kylj9mcv-e6960d78d6751c58d64b2f1ee4614a73 p.toggler .toggle_icon{\ncolor:#303440;\nborder-color:#303440;\n}\n#top .togglecontainer.av-kylj9mcv-e6960d78d6751c58d64b2f1ee4614a73 .toggle_wrap .toggle_content{\ncolor:#303440;\nbackground-color:#f7f7f7;\nborder-color:#ffffff;\n}\n<\/style>\n<div  class='togglecontainer av-kylj9mcv-e6960d78d6751c58d64b2f1ee4614a73 av-elegant-toggle  avia-builder-el-83  el_after_av_hr  avia-builder-el-last  toggle_close_all hasCurrentStyle'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/FAQPage\" >\n<section class='av_toggle_section av-kylj96h3-35fff5a1fcc6889e1cf34627c66e5f29'  itemscope=\"itemscope\" itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" ><div role=\"tablist\" class=\"single_toggle\" data-tags=\"{All} \"  ><p id='toggle-toggle-id-1' data-fake-id='#toggle-id-1' class='toggler  av-title-above av-inherit-font-color hasCustomColor av-inherit-border-color'  itemprop=\"name\"  role='tab' tabindex='0' aria-controls='toggle-id-1' data-slide-speed=\"200\" data-title=\"Europa\" data-title-open=\"\" data-aria_collapsed=\"Click to expand: Europa\" data-aria_expanded=\"Click to collapse: Europa\">Europe<span class=\"toggle_icon\"><span class=\"vert_icon\"><\/span><span class=\"hor_icon\"><\/span><\/span><\/p><div id='toggle-id-1' aria-labelledby='toggle-toggle-id-1' role='region' class='toggle_wrap  av-title-above'   itemscope=\"itemscope\" itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" ><div class='toggle_content invers-color av-inherit-font-color hasCustomColor av-inherit-border-color'  itemprop=\"text\" ><h4>European Data Protection Board<\/h4>\n<ul>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.datenschutz-bayern.de\/technik\/orient\/wp248.pdf\" target=\"_blank\" rel=\"noopener\">Guidance on data protection impact assessment (DPIA) and answering the question whether a processing operation is \"likely to result in a high risk\" within the meaning of Regulation 2016\/679 (WP 248 Rev. 01)<\/a><\/li>\n<\/ul>\n<h4>French Data Protection Supervisory Authority<\/h4>\n<ul>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.cnil.fr\/en\/open-source-pia-software-helps-carry-out-data-protection-impact-assesment\" target=\"_blank\" rel=\"noopener\">PIA software for conducting data protection impact assessments<\/a><\/li>\n<\/ul>\n<\/div><\/div><\/div><\/section>\n<section class='av_toggle_section av-kylj9b2d-fbdd88971152a4d48b55645a973607fd'  itemscope=\"itemscope\" itemprop=\"mainEntity\" itemtype=\"https:\/\/schema.org\/Question\" ><div role=\"tablist\" class=\"single_toggle\" data-tags=\"{All} \"  ><p id='toggle-toggle-id-2' data-fake-id='#toggle-id-2' class='toggler  activeTitle av-title-above av-inherit-font-color hasCustomColor av-inherit-border-color'  itemprop=\"name\"  role='tab' tabindex='0' aria-controls='toggle-id-2' data-slide-speed=\"200\" data-title=\"Deutschland\" data-title-open=\"\" data-aria_collapsed=\"Click to expand: Deutschland\" data-aria_expanded=\"Click to collapse: Deutschland\">Germany<span class=\"toggle_icon\"><span class=\"vert_icon\"><\/span><span class=\"hor_icon\"><\/span><\/span><\/p><div id='toggle-id-2' aria-labelledby='toggle-toggle-id-2' role='region' class='toggle_wrap  active_tc av-title-above' style='display:block;'  itemscope=\"itemscope\" itemprop=\"acceptedAnswer\" itemtype=\"https:\/\/schema.org\/Answer\" ><div class='toggle_content invers-color av-inherit-font-color hasCustomColor av-inherit-border-color'  itemprop=\"text\" ><h4>The Federal Data Protection Commissioner's \"must list\" for data protection and information security<\/h4>\n<ul>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.bfdi.bund.de\/SharedDocs\/Downloads\/DE\/Muster\/Liste_VerarbeitungsvorgaengeArt35.pdf;jsessionid=38EA3F1663932EA108B00663BA7775DF.intranet211?__blob=publicationFile&amp;v=5\" target=\"_blank\" rel=\"noopener\">List of processing operations pursuant to Article 35(4) of the GDPR for processing activities of federal public bodies<\/a><\/li>\n<\/ul>\n<h4>Data Protection Conference<\/h4>\n<ul>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.datenschutzkonferenz-online.de\/media\/kp\/dsk_kpnr_5.pdf\" target=\"_blank\" rel=\"noopener\">Brief Paper No. 5: Data Protection Impact Assessment according to Art. 35 DSGVO<\/a><\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.bfdi.bund.de\/SharedDocs\/Downloads\/DE\/Muster\/Liste_VerarbeitungsvorgaengeDSK.pdf;jsessionid=38EA3F1663932EA108B00663BA7775DF.intranet211?__blob=publicationFile&amp;v=5\" target=\"_blank\" rel=\"noopener\">List of processing activities for which a DIA must be carried out<\/a><\/li>\n<\/ul>\n<h4>Bavaria<\/h4>\n<ul>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.datenschutz-bayern.de\/datenschutzreform2018\/DSFA_Blacklist.pdf\" target=\"_blank\" rel=\"noopener\">Data Protection Impact Assessment - Bavarian Blacklist - List of processing operations pursuant to Art. 35 (4) GDPR for the Bavarian public sector (PDF)<\/a><\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.datenschutz-bayern.de\/technik\/orient\/oh_dsfa.pdf\" target=\"_blank\" rel=\"noopener\">Data protection impact assessment (guidance)<\/a><\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.datenschutz-bayern.de\/technik\/orient\/oh_dsfa_beispiel.pdf\" target=\"_blank\" rel=\"noopener\">Data protection impact assessment - methodology and case study<\/a><\/li>\n<\/ul>\n<h4>The \"must lists\" of other federal states<\/h4>\n<ul>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.baden-wuerttemberg.datenschutz.de\/wp-content\/uploads\/2018\/05\/Liste-von-Verarbeitungsvorg%C3%A4ngen-nach-Art.-35-Abs.-4-DS-GVO-LfDI-BW.pdf\" target=\"_blank\" rel=\"noopener\">Baden-W\u00fcrttemberg (list for the non-public sector)<\/a><\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.datenschutz-bayern.de\/datenschutzreform2018\/DSFA_Blacklist.pdf\" target=\"_blank\" rel=\"noopener\">Bavaria (list for the public sector)<\/a> *<\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.datenschutz-berlin.de\/fileadmin\/user_upload\/pdf\/datenschutzfolgeabschaetzung\/BlnBDI-2018-DSFA-nicht-oeffentlich.pdf\" target=\"_blank\" rel=\"noopener\">Berlin (list for the non-public sector)<\/a> \/ <a style=\"color: #127db3;\" href=\"https:\/\/www.datenschutz-berlin.de\/fileadmin\/user_upload\/pdf\/datenschutzfolgeabschaetzung\/BlnBDI-2018-DSFA-oeffentlich.pdf\" target=\"_blank\" rel=\"noopener\">Berlin (list for the public sector)<\/a><\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.lda.brandenburg.de\/sixcms\/media.php\/9\/DSFA_Muss_Liste_oeffentlich_21062019.pdf\" target=\"_blank\" rel=\"noopener\">Brandenburg (list for public sector)<\/a> \/ <a style=\"color: #127db3;\" href=\"https:\/\/www.lda.brandenburg.de\/sixcms\/media.php\/9\/DSFA_Muss_Liste_Allgemein_17102018.4041740.pdf\" target=\"_blank\" rel=\"noopener\">Brandenburg (joint list for public \/ non-public sector)<\/a><\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.datenschutz.bremen.de\/publikationen\/weitere-veroeffentlichungen-9321\" target=\"_blank\" rel=\"noopener\">Bremen (lists for the public \/ non-public area as direct download)<\/a><\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/datenschutz-hamburg.de\/assets\/pdf\/DSFA%20Muss-Liste%20f%C3%BCr%20den%20nicht-%C3%B6ffentlicher%20Bereich%20-%20Stand%2017.10.2018.pdf\" target=\"_blank\" rel=\"noopener\">Hamburg (List for the non-public sector)<\/a> \/ <a style=\"color: #127db3;\" href=\"https:\/\/datenschutz-hamburg.de\/assets\/pdf\/Liste%20Art%2035-4%20DSGVO%20HmbBfDI-%C3%B6ffentlicher%20Bereich_v1.0.pdf\" target=\"_blank\" rel=\"noopener\">Hamburg (list for the public sector)<\/a><\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/datenschutz.hessen.de\/sites\/datenschutz.hessen.de\/files\/HBDI_Verarbeitungsvorg%C3%A4nge%20-Muss-Liste%20Berlin%20%28002%29.pdf\" target=\"_blank\" rel=\"noopener\">Hesse (joint list for public \/ non-public sector)<\/a><\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.datenschutz-mv.de\/static\/DS\/Dateien\/DS-GVO\/HilfsmittelzurUmsetzung\/MV-DSFA-Muss-Liste-Oeffentlicher-Bereich.pdf\" target=\"_blank\" rel=\"noopener\">Mecklenburg-Western Pomerania (list for public sector)<\/a>*<\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.ldi.nrw.de\/mainmenu_Aktuelles\/submenu_EU-Datenschutzreform\/Inhalt\/EU-Datenschutzreform\/Liste-Art-35-4-NRW-OeB_v2.pdf\" target=\"_blank\" rel=\"noopener\">North Rhine-Westphalia (list for public sector)<\/a>*<\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.datenschutz.rlp.de\/fileadmin\/lfdi\/Dokumente\/Orientierungshilfen\/DSFA_-_Muss-Liste_RLP_OE.pdf\" target=\"_blank\" rel=\"noopener\">Rhineland-Palatinate (list for public sector)<\/a>*<\/li>\n<li>Saarland refers to the DSK list<\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.saechsdsb.de\/images\/stories\/sdb_inhalt\/DSGVO\/DSFA\/DSFA_Muss-Liste_V1_20180606.pdf\" target=\"_blank\" rel=\"noopener\">Saxony (joint list for non-public \/ public sector)<\/a><\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/datenschutz.sachsen-anhalt.de\/fileadmin\/Bibliothek\/Landesaemter\/LfD\/PDF\/binary\/Informationen\/Internationales\/Datenschutz-Grundverordnung\/Liste_von_Verarbeitungstaetigkeiten_mit_erforderlicher_Datenschutz-Folgenabschaetzung\/Art-35-Liste-oeffentlicher_Bereich.pdf\" target=\"_blank\" rel=\"noopener\">Saxony-Anhalt (list for the public sector)<\/a> *<\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.datenschutzzentrum.de\/uploads\/datenschutzfolgenabschaetzung\/20180525_LfD-SH_DSFA_Muss-Liste_V1.0.pdf\" target=\"_blank\" rel=\"noopener\">Schleswig-Holstein (joint list for public \/ non-public sector)<\/a><\/li>\n<li><a style=\"color: #127db3;\" href=\"https:\/\/www.tlfdi.de\/fileadmin\/tlfdi\/datenschutz\/dsfa_muss-liste_04_07_18.pdf\" target=\"_blank\" rel=\"noopener\">Thuringia (joint list for public \/ non-public sector)<\/a><\/li>\n<\/ul>\n<p>*Refers for the non-public area to the <a href=\"https:\/\/www.bfdi.bund.de\/SharedDocs\/Downloads\/DE\/Muster\/Liste_VerarbeitungsvorgaengeDSK.pdf;jsessionid=38EA3F1663932EA108B00663BA7775DF.intranet211?__blob=publicationFile&amp;v=5\" target=\"_blank\" rel=\"noopener\">DSK List<\/a><\/p>\n<\/div><\/div><\/div><\/section>\n<\/div><\/p><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kmomuatd-4-3183d27decc4c3021530004596abfb28\">\n#top .hr.hr-invisible.av-kmomuatd-4-3183d27decc4c3021530004596abfb28{\nheight:15px;\n}\n<\/style>\n<div  class='hr av-kmomuatd-4-3183d27decc4c3021530004596abfb28 hr-invisible  avia-builder-el-84  el_after_av_one_full  el_before_av_one_full'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-38irt4-a3265c4a84bbfe7bcd111a53bb63e885\">\n.flex_column.av-38irt4-a3265c4a84bbfe7bcd111a53bb63e885{\nborder-radius:10px 10px 10px 10px;\npadding:50 px 50 px 50 px 50 px;\nbackground-color:#f7f7f7;\n}\n<\/style>\n<div  class='flex_column av-38irt4-a3265c4a84bbfe7bcd111a53bb63e885 av_one_full  avia-builder-el-85  el_after_av_hr  el_before_av_one_full  first flex_column_div'     ><p><br \/>\n<div  class='av-social-sharing-box av-ka3jmz4x-5dcebd1f09db7c20daac0063288815c9 av-social-sharing-box-default  avia-builder-el-87  el_after_av_codeblock  avia-builder-el-last  av-social-sharing-box-fullwidth'><div class=\"av-share-box\"><h5 class='av-share-link-description av-no-toc'>Do you like the piece? Feel free to share it.<\/h5><ul class=\"av-share-box-list noLightbox\"><li class='av-share-link av-social-link-facebook avia_social_iconfont' ><a target=\"_blank\" aria-label=\"Share on Facebook\" href='https:\/\/www.facebook.com\/sharer.php?u=https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/data-protection-impact-assessment-2&#038;t=Datenschutz-Folgenabsch%C3%A4tzung' data-av_icon='\ue8f3' data-av_iconfont='entypo-fontello'  title='' data-avia-related-tooltip='Share on Facebook'><span class='avia_hidden_link_text'>Share on Facebook<\/span><\/a><\/li><li class='av-share-link av-social-link-twitter avia_social_iconfont' ><a target=\"_blank\" aria-label=\"Share on X\" href='https:\/\/twitter.com\/share?text=Datenschutz-Folgenabsch%C3%A4tzung&#038;url=https:\/\/www.robin-data.io\/en\/?p=9219' data-av_icon='\ue932' data-av_iconfont='entypo-fontello'  title='' data-avia-related-tooltip='Share on X'><span class='avia_hidden_link_text'>Share on X<\/span><\/a><\/li><li class='av-share-link av-social-link-linkedin avia_social_iconfont' ><a target=\"_blank\" aria-label=\"Share on LinkedIn\" href='https:\/\/linkedin.com\/shareArticle?mini=true&#038;title=Datenschutz-Folgenabsch%C3%A4tzung&#038;url=https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/data-protection-impact-assessment-2' data-av_icon='\ue8fc' data-av_iconfont='entypo-fontello'  title='' data-avia-related-tooltip='Share on LinkedIn'><span class='avia_hidden_link_text'>Share on LinkedIn<\/span><\/a><\/li><li class='av-share-link av-social-link-mail avia_social_iconfont' ><a  aria-label=\"Share by Mail\" href='mailto:?subject=Datenschutz-Folgenabsch%C3%A4tzung&#038;body=https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/data-protection-impact-assessment-2' data-av_icon='\ue805' data-av_iconfont='entypo-fontello'  title='' data-avia-related-tooltip='Share by Mail'><span class='avia_hidden_link_text'>Share by Mail<\/span><\/a><\/li><\/ul><\/div><\/div><\/p><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-228ehv-1ea72c1e17300415ef12cb2b1a9f645d\">\n.flex_column.av-228ehv-1ea72c1e17300415ef12cb2b1a9f645d{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n<\/style>\n<div  class='flex_column av-228ehv-1ea72c1e17300415ef12cb2b1a9f645d av_one_full  avia-builder-el-88  el_after_av_one_full  avia-builder-el-last  first flex_column_div av-zero-column-padding  column-top-margin'     ><section  class='av_textblock_section av-kaqhth2e-c0ce0e9fc51ca4569850f4a16f47c8e1'   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h3 style=\"text-align: center;\">This might interest you too:<\/h3>\n<\/div><\/section><br \/>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-kaqhpdsy-c149d804dc26de4da98e9603962fa194\">\n#top .hr.hr-invisible.av-kaqhpdsy-c149d804dc26de4da98e9603962fa194{\nheight:25px;\n}\n<\/style>\n<div  class='hr av-kaqhpdsy-c149d804dc26de4da98e9603962fa194 hr-invisible  avia-builder-el-90  el_after_av_textblock  el_before_av_blog'><span class='hr-inner'><span class=\"hr-inner-style\"><\/span><\/span><\/div><br \/>\n<div  data-slideshow-options=\"{&quot;animation&quot;:&quot;fade&quot;,&quot;autoplay&quot;:false,&quot;loop_autoplay&quot;:&quot;once&quot;,&quot;interval&quot;:5,&quot;loop_manual&quot;:&quot;manual-endless&quot;,&quot;autoplay_stopper&quot;:false,&quot;noNavigation&quot;:false,&quot;show_slide_delay&quot;:90}\" class='avia-content-slider avia-content-grid-active avia-content-slider1 avia-content-slider-odd  avia-builder-el-91  el_after_av_hr  avia-builder-el-last  av-slideshow-ui av-control-default   av-no-slider-navigation av-slideshow-manual av-loop-once av-loop-manual-endless'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/Blog\" ><div class=\"avia-content-slider-inner\"><div class=\"slide-entry-wrap\"><article class='slide-entry flex_column  post-entry post-entry-1646 slide-entry-overview slide-loop-1 slide-parity-odd  av_one_third first real-thumbnail posttype-post post-format-standard'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/personal-data' data-rel='slide-1' class='slide-image' title='Personal data'><img decoding=\"async\" fetchpriority=\"high\" width=\"495\" height=\"343\" src=\"https:\/\/media.robin-data.io\/2022\/05\/23150327\/Personenbezogene-Daten-495x343.jpg\" class=\"wp-image-14066 avia-img-lazy-loading-not-14066 attachment-portfolio size-portfolio wp-post-image\" alt=\"\" \/><\/a><div class=\"slide-content\"><header class=\"entry-content-header\" aria-label=\"Slide: Personal data\"><h3 class='slide-entry-title entry-title'  itemprop=\"headline\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/personal-data' title='Personal data'>Personal data<\/a><\/h3><span class=\"blog-categories minor-meta\"><a href=\"https:\/\/www.robin-data.io\/en\/category\/data-protection-and-data-security-academy\/wiki\" rel=\"tag\">Wiki<\/a> <\/span><span class=\"av-vertical-delimiter\"><\/span><\/header><div class='slide-entry-excerpt entry-content'  itemprop=\"text\" >What are personal data in data protection? What must be observed when processing in accordance with GDPR?<div class=\"read-more-link\"><a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/personal-data\" class=\"more-link\">Read more<span class='more-link-arrow avia-svg-icon avia-font-svg_entypo-fontello' data-av_svg_icon='right-open-big' data-av_iconset='svg_entypo-fontello'><svg version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"15\" height=\"32\" viewbox=\"0 0 15 32\" preserveaspectratio=\"xMidYMid meet\" role=\"graphics-symbol\" aria-hidden=\"true\">\n<path d=\"M0.416 27.84l11.456-11.84-11.456-11.904q-0.832-0.832 0-1.536 0.832-0.832 1.536 0l12.544 12.608q0.768 0.832 0 1.6l-12.544 12.608q-0.704 0.832-1.536 0-0.832-0.704 0-1.536z\"><\/path>\n<\/svg><\/span><\/a><\/div><\/div><\/div><footer class=\"entry-footer\"><div class=\"slide-meta\"><time class='slide-meta-time updated'  itemprop=\"datePublished\" datetime=\"2021-07-26T11:20:49+02:00\" >26 July 2021<\/time><div class=\"slide-meta-del\">\/<\/div><div class=\"slide-meta-comments\"><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/personal-data#respond'>0 Comments<\/a><\/div><\/div><\/footer><span class='hidden'>\n\t\t\t\t<span class='av-structured-data'  itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" >\n\t\t\t\t\t\t<span itemprop='url'>https:\/\/media.robin-data.io\/2022\/05\/23150327\/Personenbezogene-Daten.jpg<\/span>\n\t\t\t\t\t\t<span itemprop='height'>343<\/span>\n\t\t\t\t\t\t<span itemprop='width'>685<\/span>\n\t\t\t\t<\/span>\n\t\t\t\t<span class='av-structured-data'  itemprop=\"publisher\" itemtype=\"https:\/\/schema.org\/Organization\" itemscope=\"itemscope\" >\n\t\t\t\t\t\t<span itemprop='name'>Caroline Schwabe<\/span>\n\t\t\t\t\t\t<span itemprop='logo' itemscope itemtype='https:\/\/schema.org\/ImageObject'>\n\t\t\t\t\t\t\t<span itemprop='url'>https:\/\/media.robin-data.io\/2022\/07\/05140916\/Robin-Data_ComplianceOS_white_logo.png<\/span>\n\t\t\t\t\t\t<\/span>\n\t\t\t\t<\/span><span class='av-structured-data'  itemprop=\"author\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/Person\" ><span itemprop='name'>Caroline Schwabe<\/span><\/span><span class='av-structured-data'  itemprop=\"datePublished\" datetime=\"2021-03-25T13:57:59+01:00\" >2021-07-26 11:20:49<\/span><span class='av-structured-data'  itemprop=\"dateModified\" itemtype=\"https:\/\/schema.org\/dateModified\" >2025-03-24 15:53:58<\/span><span class='av-structured-data'  itemprop=\"mainEntityOfPage\" itemtype=\"https:\/\/schema.org\/mainEntityOfPage\" ><span itemprop='name'>Personal data<\/span><\/span><\/span><\/article><article class='slide-entry flex_column  post-entry post-entry-1632 slide-entry-overview slide-loop-2 slide-parity-even  av_one_third  real-thumbnail posttype-post post-format-standard'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/supervisory-authority' data-rel='slide-1' class='slide-image' title='Data protection supervisory authority'><img decoding=\"async\" fetchpriority=\"high\" width=\"495\" height=\"343\" src=\"https:\/\/media.robin-data.io\/2022\/05\/23150333\/Aufsichtsbehoerden-495x343.jpg\" class=\"wp-image-14070 avia-img-lazy-loading-not-14070 attachment-portfolio size-portfolio wp-post-image\" alt=\"\" \/><\/a><div class=\"slide-content\"><header class=\"entry-content-header\" aria-label=\"Slide: Data protection supervisory authority\"><h3 class='slide-entry-title entry-title'  itemprop=\"headline\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/supervisory-authority' title='Data protection supervisory authority'>Data protection supervisory authority<\/a><\/h3><span class=\"blog-categories minor-meta\"><a href=\"https:\/\/www.robin-data.io\/en\/category\/data-protection-and-data-security-academy\/wiki\" rel=\"tag\">Wiki<\/a> <\/span><span class=\"av-vertical-delimiter\"><\/span><\/header><div class='slide-entry-excerpt entry-content'  itemprop=\"text\" >Tasks, powers and responsibilities of data protection supervisory authorities. In Europe and in Germany per federal state<div class=\"read-more-link\"><a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/supervisory-authority\" class=\"more-link\">Read more<span class='more-link-arrow avia-svg-icon avia-font-svg_entypo-fontello' data-av_svg_icon='right-open-big' data-av_iconset='svg_entypo-fontello'><svg version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"15\" height=\"32\" viewbox=\"0 0 15 32\" preserveaspectratio=\"xMidYMid meet\" role=\"graphics-symbol\" aria-hidden=\"true\">\n<path d=\"M0.416 27.84l11.456-11.84-11.456-11.904q-0.832-0.832 0-1.536 0.832-0.832 1.536 0l12.544 12.608q0.768 0.832 0 1.6l-12.544 12.608q-0.704 0.832-1.536 0-0.832-0.704 0-1.536z\"><\/path>\n<\/svg><\/span><\/a><\/div><\/div><\/div><footer class=\"entry-footer\"><div class=\"slide-meta\"><time class='slide-meta-time updated'  itemprop=\"datePublished\" datetime=\"2021-07-25T15:17:52+02:00\" >25 July 2021<\/time><div class=\"slide-meta-del\">\/<\/div><div class=\"slide-meta-comments\"><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/supervisory-authority#respond'>0 Comments<\/a><\/div><\/div><\/footer><span class='hidden'>\n\t\t\t\t<span class='av-structured-data'  itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" >\n\t\t\t\t\t\t<span itemprop='url'>https:\/\/media.robin-data.io\/2022\/05\/23150333\/Aufsichtsbehoerden.jpg<\/span>\n\t\t\t\t\t\t<span itemprop='height'>343<\/span>\n\t\t\t\t\t\t<span itemprop='width'>685<\/span>\n\t\t\t\t<\/span>\n\t\t\t\t<span class='av-structured-data'  itemprop=\"publisher\" itemtype=\"https:\/\/schema.org\/Organization\" itemscope=\"itemscope\" >\n\t\t\t\t\t\t<span itemprop='name'>Caroline Schwabe<\/span>\n\t\t\t\t\t\t<span itemprop='logo' itemscope itemtype='https:\/\/schema.org\/ImageObject'>\n\t\t\t\t\t\t\t<span itemprop='url'>https:\/\/media.robin-data.io\/2022\/07\/05140916\/Robin-Data_ComplianceOS_white_logo.png<\/span>\n\t\t\t\t\t\t<\/span>\n\t\t\t\t<\/span><span class='av-structured-data'  itemprop=\"author\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/Person\" ><span itemprop='name'>Caroline Schwabe<\/span><\/span><span class='av-structured-data'  itemprop=\"datePublished\" datetime=\"2021-03-25T13:57:59+01:00\" >2021-07-25 15:17:52<\/span><span class='av-structured-data'  itemprop=\"dateModified\" itemtype=\"https:\/\/schema.org\/dateModified\" >2025-03-24 16:12:40<\/span><span class='av-structured-data'  itemprop=\"mainEntityOfPage\" itemtype=\"https:\/\/schema.org\/mainEntityOfPage\" ><span itemprop='name'>Data protection supervisory authority<\/span><\/span><\/span><\/article><article class='slide-entry flex_column  post-entry post-entry-1715 slide-entry-overview slide-loop-3 slide-parity-odd  post-entry-last  av_one_third  real-thumbnail posttype-post post-format-standard'  itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/directory-of-processing-activities-2' data-rel='slide-1' class='slide-image' title='Record of processing activities'><img decoding=\"async\" fetchpriority=\"high\" width=\"495\" height=\"343\" src=\"https:\/\/media.robin-data.io\/2022\/05\/23150329\/Verzeichnis-Verarbeitungstaetigkeiten-495x343.jpg\" class=\"wp-image-14068 avia-img-lazy-loading-not-14068 attachment-portfolio size-portfolio wp-post-image\" alt=\"\" \/><\/a><div class=\"slide-content\"><header class=\"entry-content-header\" aria-label=\"Slide: List of processing activities\"><h3 class='slide-entry-title entry-title'  itemprop=\"headline\" ><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/directory-of-processing-activities-2' title='Record of processing activities'>Record of processing activities<\/a><\/h3><span class=\"blog-categories minor-meta\"><a href=\"https:\/\/www.robin-data.io\/en\/category\/data-protection-and-data-security-academy\/wiki\" rel=\"tag\">Wiki<\/a> <\/span><span class=\"av-vertical-delimiter\"><\/span><\/header><div class='slide-entry-excerpt entry-content'  itemprop=\"text\" >List of processing activities according to Art. 30 GDPR. Explained step by step with extensive information. Data protection made easy.<div class=\"read-more-link\"><a href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/directory-of-processing-activities-2\" class=\"more-link\">Read more<span class='more-link-arrow avia-svg-icon avia-font-svg_entypo-fontello' data-av_svg_icon='right-open-big' data-av_iconset='svg_entypo-fontello'><svg version=\"1.1\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"15\" height=\"32\" viewbox=\"0 0 15 32\" preserveaspectratio=\"xMidYMid meet\" role=\"graphics-symbol\" aria-hidden=\"true\">\n<path d=\"M0.416 27.84l11.456-11.84-11.456-11.904q-0.832-0.832 0-1.536 0.832-0.832 1.536 0l12.544 12.608q0.768 0.832 0 1.6l-12.544 12.608q-0.704 0.832-1.536 0-0.832-0.704 0-1.536z\"><\/path>\n<\/svg><\/span><\/a><\/div><\/div><\/div><footer class=\"entry-footer\"><div class=\"slide-meta\"><time class='slide-meta-time updated'  itemprop=\"datePublished\" datetime=\"2021-07-16T09:26:54+02:00\" >16 July 2021<\/time><div class=\"slide-meta-del\">\/<\/div><div class=\"slide-meta-comments\"><a href='https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/directory-of-processing-activities-2#respond'>0 Comments<\/a><\/div><\/div><\/footer><span class='hidden'>\n\t\t\t\t<span class='av-structured-data'  itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" >\n\t\t\t\t\t\t<span itemprop='url'>https:\/\/media.robin-data.io\/2022\/05\/23150329\/Verzeichnis-Verarbeitungstaetigkeiten.jpg<\/span>\n\t\t\t\t\t\t<span itemprop='height'>343<\/span>\n\t\t\t\t\t\t<span itemprop='width'>685<\/span>\n\t\t\t\t<\/span>\n\t\t\t\t<span class='av-structured-data'  itemprop=\"publisher\" itemtype=\"https:\/\/schema.org\/Organization\" itemscope=\"itemscope\" >\n\t\t\t\t\t\t<span itemprop='name'>Caroline Schwabe<\/span>\n\t\t\t\t\t\t<span itemprop='logo' itemscope itemtype='https:\/\/schema.org\/ImageObject'>\n\t\t\t\t\t\t\t<span itemprop='url'>https:\/\/media.robin-data.io\/2022\/07\/05140916\/Robin-Data_ComplianceOS_white_logo.png<\/span>\n\t\t\t\t\t\t<\/span>\n\t\t\t\t<\/span><span class='av-structured-data'  itemprop=\"author\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/Person\" ><span itemprop='name'>Caroline Schwabe<\/span><\/span><span class='av-structured-data'  itemprop=\"datePublished\" datetime=\"2021-03-25T13:57:59+01:00\" >2021-07-16 09:26:54<\/span><span class='av-structured-data'  itemprop=\"dateModified\" itemtype=\"https:\/\/schema.org\/dateModified\" >2025-04-22 09:38:59<\/span><span class='av-structured-data'  itemprop=\"mainEntityOfPage\" itemtype=\"https:\/\/schema.org\/mainEntityOfPage\" ><span itemprop='name'>Record of processing activities<\/span><\/span><\/span><\/article><\/div><\/div><\/div><\/p><\/div>","protected":false},"excerpt":{"rendered":"<p>Detailed description of the data protection impact assessment pursuant to Article 35 of the GDPR as well as specifications for the practical implementation of the DPIA.<\/p>","protected":false},"author":3,"featured_media":14065,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[71],"tags":[123,37,183],"class_list":["post-9219","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wiki","tag-aufgaben","tag-datenschutz","tag-dsms"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.8 (Yoast SEO v26.8) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Was ist eine Datenschutz-Folgenabsch\u00e4tzung nach DSGVO?<\/title>\n<meta name=\"description\" content=\"Alles \u00fcber die Datenschutz-Folgenabsch\u00e4tzung (DSFA) nach Artikel 35 DSGVO. Eine wichtige Risikoanalyse f\u00fcr kritische Datenverarbeitungen.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/data-protection-impact-assessment-2\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Datenschutz-Folgenabsch\u00e4tzung\" \/>\n<meta property=\"og:description\" content=\"Alles \u00fcber die Datenschutz-Folgenabsch\u00e4tzung (DSFA) nach Artikel 35 DSGVO. Eine wichtige Risikoanalyse f\u00fcr kritische Datenverarbeitungen.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/data-protection-impact-assessment-2\" \/>\n<meta property=\"og:site_name\" content=\"Robin Data GmbH\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/robindatade\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-25T12:57:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-04-22T07:39:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"685\" \/>\n\t<meta property=\"og:image:height\" content=\"343\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Caroline Schwabe\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@RobinData_DE\" \/>\n<meta name=\"twitter:site\" content=\"@RobinData_DE\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Caroline Schwabe\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"18 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung\"},\"author\":{\"name\":\"Caroline Schwabe\",\"@id\":\"https:\/\/www.robin-data.io\/#\/schema\/person\/83e2bd965d3e87f50c5da3c0b541dfe5\"},\"headline\":\"Datenschutz-Folgenabsch\u00e4tzung\",\"datePublished\":\"2021-03-25T12:57:59+00:00\",\"dateModified\":\"2025-04-22T07:39:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung\"},\"wordCount\":11179,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#primaryimage\"},\"thumbnailUrl\":\"https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing.jpg\",\"keywords\":[\"Aufgaben\",\"Datenschutz\",\"DSMS\"],\"articleSection\":[\"Wiki\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#respond\"]}]},{\"@type\":[\"WebPage\",\"ItemPage\"],\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung\",\"url\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung\",\"name\":\"Was ist eine Datenschutz-Folgenabsch\u00e4tzung nach DSGVO?\",\"isPartOf\":{\"@id\":\"https:\/\/www.robin-data.io\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#primaryimage\"},\"thumbnailUrl\":\"https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing.jpg\",\"datePublished\":\"2021-03-25T12:57:59+00:00\",\"dateModified\":\"2025-04-22T07:39:43+00:00\",\"author\":{\"@id\":\"https:\/\/www.robin-data.io\/#\/schema\/person\/83e2bd965d3e87f50c5da3c0b541dfe5\"},\"description\":\"Alles \u00fcber die Datenschutz-Folgenabsch\u00e4tzung (DSFA) nach Artikel 35 DSGVO. Eine wichtige Risikoanalyse f\u00fcr kritische Datenverarbeitungen.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#primaryimage\",\"url\":\"https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing.jpg\",\"contentUrl\":\"https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing.jpg\",\"width\":685,\"height\":343},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\/\/www.robin-data.io\/startseite\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Datenschutz-Folgenabsch\u00e4tzung\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.robin-data.io\/#website\",\"url\":\"https:\/\/www.robin-data.io\/\",\"name\":\"Robin Data GmbH\",\"description\":\"Robin Data ComplianceOS\u00ae Das Compliance Operating System\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.robin-data.io\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.robin-data.io\/#\/schema\/person\/83e2bd965d3e87f50c5da3c0b541dfe5\",\"name\":\"Caroline Schwabe\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.robin-data.io\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4afcd09464d8c4418a7e62c3fdd2103c84addcb37103428b60586d9b32b79b3f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4afcd09464d8c4418a7e62c3fdd2103c84addcb37103428b60586d9b32b79b3f?s=96&d=mm&r=g\",\"caption\":\"Caroline Schwabe\"},\"description\":\"Frau Schwabe ist Informationsdesignerin und Datenschutzbeauftragte. Der Schwerpunkt ihrer Arbeit liegt darin, Kunden und Interessenten mit Beitr\u00e4gen in der Robin Data Datenschutz-Akademie weiterzuhelfen.\",\"url\":\"https:\/\/www.robin-data.io\/en\/author\/csc\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"What is a data protection impact assessment under the GDPR?","description":"All about the data protection impact assessment (DPIA) in accordance with Article 35 GDPR. An important risk analysis for critical data processing.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/data-protection-impact-assessment-2","og_locale":"en_GB","og_type":"article","og_title":"Datenschutz-Folgenabsch\u00e4tzung","og_description":"Alles \u00fcber die Datenschutz-Folgenabsch\u00e4tzung (DSFA) nach Artikel 35 DSGVO. Eine wichtige Risikoanalyse f\u00fcr kritische Datenverarbeitungen.","og_url":"https:\/\/www.robin-data.io\/en\/data-protection-and-data-security-academy\/wiki\/data-protection-impact-assessment-2","og_site_name":"Robin Data GmbH","article_publisher":"https:\/\/www.facebook.com\/robindatade\/","article_published_time":"2021-03-25T12:57:59+00:00","article_modified_time":"2025-04-22T07:39:43+00:00","og_image":[{"width":685,"height":343,"url":"https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing.jpg","type":"image\/jpeg"}],"author":"Caroline Schwabe","twitter_card":"summary_large_image","twitter_creator":"@RobinData_DE","twitter_site":"@RobinData_DE","twitter_misc":{"Written by":"Caroline Schwabe","Estimated reading time":"18 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#article","isPartOf":{"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung"},"author":{"name":"Caroline Schwabe","@id":"https:\/\/www.robin-data.io\/#\/schema\/person\/83e2bd965d3e87f50c5da3c0b541dfe5"},"headline":"Datenschutz-Folgenabsch\u00e4tzung","datePublished":"2021-03-25T12:57:59+00:00","dateModified":"2025-04-22T07:39:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung"},"wordCount":11179,"commentCount":0,"image":{"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#primaryimage"},"thumbnailUrl":"https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing.jpg","keywords":["Aufgaben","Datenschutz","DSMS"],"articleSection":["Wiki"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#respond"]}]},{"@type":["WebPage","ItemPage"],"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung","url":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung","name":"What is a data protection impact assessment under the GDPR?","isPartOf":{"@id":"https:\/\/www.robin-data.io\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#primaryimage"},"image":{"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#primaryimage"},"thumbnailUrl":"https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing.jpg","datePublished":"2021-03-25T12:57:59+00:00","dateModified":"2025-04-22T07:39:43+00:00","author":{"@id":"https:\/\/www.robin-data.io\/#\/schema\/person\/83e2bd965d3e87f50c5da3c0b541dfe5"},"description":"All about the data protection impact assessment (DPIA) in accordance with Article 35 GDPR. An important risk analysis for critical data processing.","breadcrumb":{"@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#primaryimage","url":"https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing.jpg","contentUrl":"https:\/\/media.robin-data.io\/2022\/05\/23150325\/Marketing.jpg","width":685,"height":343},{"@type":"BreadcrumbList","@id":"https:\/\/www.robin-data.io\/datenschutz-akademie\/wiki\/datenschutz-folgenabschaetzung#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.robin-data.io\/startseite"},{"@type":"ListItem","position":2,"name":"Datenschutz-Folgenabsch\u00e4tzung"}]},{"@type":"WebSite","@id":"https:\/\/www.robin-data.io\/#website","url":"https:\/\/www.robin-data.io\/","name":"Robin Data GmbH","description":"Robin Data ComplianceOS\u00ae The Compliance Operating System","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.robin-data.io\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.robin-data.io\/#\/schema\/person\/83e2bd965d3e87f50c5da3c0b541dfe5","name":"Caroline Schwabe","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.robin-data.io\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4afcd09464d8c4418a7e62c3fdd2103c84addcb37103428b60586d9b32b79b3f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4afcd09464d8c4418a7e62c3fdd2103c84addcb37103428b60586d9b32b79b3f?s=96&d=mm&r=g","caption":"Caroline Schwabe"},"description":"Ms. Schwabe is an information designer and Data Protection Officer. The focus of her work is to help customers and interested parties with contributions to the Robin Data Privacy Academy.","url":"https:\/\/www.robin-data.io\/en\/author\/csc"}]}},"_links":{"self":[{"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/posts\/9219","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/comments?post=9219"}],"version-history":[{"count":70,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/posts\/9219\/revisions"}],"predecessor-version":[{"id":10515,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/posts\/9219\/revisions\/10515"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/media\/14065"}],"wp:attachment":[{"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/media?parent=9219"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/categories?post=9219"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.robin-data.io\/en\/wp-json\/wp\/v2\/tags?post=9219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}