List of data processing operations for which a data protection impact assessment is required

On 6 May 2019, the Spanish Data Protection Agency (AEPD) published a non-exhaustive list of data processing operations that are subject to the requirement of a data protection impact assessment in compliance with Article 35(4) of the General Data Protection
Regulation (GDPR), hich provides that competent supervisory authorities shall establish and make public such a list.