UnderArticle 35(1) of GDPR, aDPIA is not requiredwhen processing isbased on a legal obligationunderEU or national law.
Option A is correctbecauselegal obligations provide a lawful basis for processing, making DPIAs unnecessary unless explicitly required by law.
Option B is incorrectbecausehealth and genetic data are special categories of data, requiring aDPIA under Article 35(3)(b).
Option C is incorrectbecauseprofiling and behavioral analysis require a DPIA, as perArticle 35(3)(a).
Option D is incorrectbecauseworkplace surveillance with AI requires a DPIA, as it involvesautomated monitoring.
References:
GDPR Article 35(1)(DPIA requirement for high-risk processing)
Recital 91(Health data and large-scale profiling require DPIAs)
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit