You may be trying to access this site from a secured browser on the server. Please enable scripts and reload this page.
Home
Internal
Global
Contatto
it
Rödl & Partner ha prestato la propria consulenza per il perfezionamento dell'acquisizione del Gruppo italiano FGV da parte di Hettich |
In tutto il mondo
It looks like your browser does not have JavaScript enabled. Please turn on JavaScript and try again.
✕
Mondiale
Algeria
Angola
Arabia Saudita
Argentina
Australia
Austria
Azerbaigian
Bahrain
Belgio
Bielorussia
Bosnia ed Erzegovina
Botswana
Brasile
Bulgaria
Cambogia
Canada
Cile
Cina
Cipro
Colombia
Corea del Sud
Costa Rica
Croazia
Danimarca
Ecuador
Egitto
Emirati Arabi Uniti
Estonia
Etiopia
Finlandia
Flippine
Francia
Georgia
Germania
Ghana
Giappone
Grecia
Hong Kong
India
Indonesia
Irlanda
Italia
Kazakistan
Kenya
Kuwait
Lettonia
Libia
Liechtenstein
Lituania
Lussemburgo
Macedonia del Nord
Malesia
Marocco
Mauritius
Messico
Moldavia
Mongolia
Mozambico
Myanmar
Namibia
Nigeria
Norvegia
Nuova Zelanda
Oman
Paesi Bassi
Pakistan
Perù
Polonia
Portogallo
Qatar
Regno Unito
Repubblica Ceca
Romania
Serbia
Singapore
Slovacchia
Slovenia
Spagna
Sudafrica
Svezia
Svizzera
Taiwan
Tanzania
Thailandia
Tunisia
Turchia
Ucraina
Uganda
Ungheria
Uruguay
USA
Uzbekistan
Vietnam
Zambia
I nostri uffici Rödl & Partner
German Professional Services Alliance -
GPSA
�������������������������������������������������������������
(I colori appaiono al passaggio del mouse)
Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra
Cookie Policy
.
Approfondimenti
Servizi
Whistleblowing
Data Protection
Servizi legali
Servizi fiscali
Servizi multipractice
Industry
Revisione contabile
Formazione
Professionisti
Media
Rödl E-Book
RÖDL REPLAY - I NOSTRI WEBINAR
Newsletter
Legal Newsletter
Tax Newsletter
Data Protection Bites
Comunicati stampa
Comunicati operazioni
Rödl E-Book
Rödl & Partner sulla stampa online
Eventi
Su di noi
Currently selected
E-Book INTERNATIONAL VAT GUIDELINES
Uno studio internazionale
Uno studio internazionale
Le nostre sedi
Impegno sociale
Whistleblowing
Codice Etico
Modello 231
Sostenibilità
Carriera
Media
Pubblicazioni
Newsletter
Data Protection Bites
Data Protection Bites 9/2019
Spain has now the two lists of article 35 GDPR about the requirement of a DPIA
Recent
Italian (Italy)
Currently selected
Consulenza legale, Consulenza fiscale, Audit, Servizi in outsourcing
Approfondimenti
Carriera
Cookie Policy
Cookie Policy
Eventi
Home
Informativa Privacy
Media
Privacy Policy
Professionisti
Servizi
Uno studio internazionale
BPO - Business Process Outsourcing
no-it-version-available
Profile
Error 404!
Error 401!
Spain has now the two lists of article 35 GDPR about the requirement of a DPIA
Page Content
As already announced on the Data Protection Bites 5/2019 release, on 6th of May the Spanish Supervisory Authority (AEPD) published the final list regarding the processing operations subject to the requirement of a Data Protection Impact Assessment (DPIA), in compliance with Article 35 (4) of the GDPR. Around four months later, the AEPD has also published a list of processing activities which do not require a DPIA, making use of this possibility granted by Article 35 (5) of the GDPR.
In compliance with paragraph 4 of Article 35 of the GPDR, the Spanish Supervisory Authority (the “AEPD”) published on the 6th of May this year the list of processing operations which shall be subject to the requirement of a Data Protection Impact Assessment (DPIA).
The AEPD made clear that it constitutes a non-exhaustive list and that when a processing operation fulfils two or more criteria set out on the list, it will most likely need to be subject to a DPIA, “unless such processing operation is included in the list referred to in Article 35.5 of the GDPR of processing operations for which no DPIA is required”.
From such a statement we could already draw the conclusion that the AEPD was planning to work on such a list, although it is set as facultative by the GDPR and not as an obligation of the supervisory authorities such as the list referred to in Article 35 (4).
Last September, the AEPD finally published the referred list of processing activities which do not have to be subject to a DPIA (you can find
here
the list in the following link- only available in Spanish).
The AEPD rightly explains in this document that "a DPIA is a costly process and it is necessary to apply a principle of economy of means. Therefore, a previous qualitative analysis may conclude that such a DPIA is not necessary. In that case, such a decision must be sufficiently substantiated”.
The AEPD also points out that this list only establishes the processing operations that are exempted from the requirement of a DPIA, but it does not constitute in any way a list of exemptions from the obligations established by the data protection regulations.
This list consists of seven (7) processing operations which do not have to be subject to a DPIA, among which the following can be highlighted:
the processing activities carried out by individual self-employed workers, such as doctors, health professionals or lawyers, as long as the relevant processing operation does not significantly meet two or more criteria set out on the list of processing activities subject to a DPIA, since in such case it is possible that a DPIA may be required; or
processing activities that are mandatory by law and that are carried out in relation to the internal management of SME’s staff, for the purposes of accounting, human resources and payroll management, social security and occupational health; but in no case those processing operations that involve client data.
Contact
Isabel Garcìa Garcìa
+34 91 5359977
Invia richiesta
RÖDL & PARTNER SPAIN
Discover more about our offices in Spain.
Read more »
Data Protection Bites
Our newsletter aims at collecting updates, news and insights on data protection matters worldwide, with a special focus on the GDPR.
Read all releases
»
Turn on more accessible mode
Turn off more accessible mode
Skip Ribbon Commands
Skip to main content
Turn off Animations
Turn on Animations
Deutschland
Weltweit
Search
Menu
