Spain’s Data Protection Authority Publishes Data Processing ‘White List’

Fox Rothschild LLP
Contact

Fox Rothschild LLPThe Spanish AEPD has published a “white list” of data processing operations that DO NOT require a Data Protection Impact Assessment (DPIA) under GDPR:

  • Processing carried out under guidelines previously established or authorized by the DPA
  • Processing carried out under the guidelines of an approved code of conduct
  • Processing necessary to comply with a legal requirement or to complete a mission in the public interest
  • Processing carried out by self-employed personnel who work on an individual basis in the exercise of their professional duties (e.g. physicians, healthcare professionals, or lawyers)
  • Processing carried out in relation to the internal administration of personnel working at SMEs (e.g. accounting, HR management, payroll management)
  • Processing carried out by owners’ associations and sub-associations in multi-occupancy properties
  • Processing carried out by professional colleges and non-profit associations in connection with the data of their associates members and donors of the data controllers, provided that the processing does not extend to special category data.

Details from the AEPD.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Fox Rothschild LLP

Written by:

Fox Rothschild LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide