On June 27, the Datenschutzkonferenz, which is the consensus of all German DPAs, published a "must-list" for data protection impact assessments ("DPIA") (source document in German). The document contains a comprehensive list of processing activities, their fields of application, and examples of activities that require a DPIA. The Bavarian DPA also published comprehensive guidance, case studies, and links to additional information for carrying out a DPIA and the necessary risk analysis (source document in German).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.