Ricerc@Sapienza

By means of a decision dated 11 October 2018 the Italian Data Protection Authority (“IDPA”) adopted and published the list of the processing operations, subject to the requirement of a Data Protection Impact Assessment (the “DPIA”) pursuant to art. 35, para. 4, of the Regulation (EU) 2016/679 (“GDPR”). The DPIA is one of the most relevant and complex data protection compliance obligations introduced by the GDPR, which is aimed at identifying and mitigating the data protection risks that could affect the rights and freedoms of individuals before engaging in the processing activity. The List consistently purports the objective to identify those processing operations which are likely to result in a high risk and which therefore require a DPIA