UPDATE: (the new ones are Mecklenburg-Western Pomerania, Bremen and Saxony-Anhalt)

Some supervisory authorities and the Confederation have drawn up a positive list of data protection impact assessment. Thus theoratically provide a litte more clarity when an estimation is necesarry. The only thing that is really stupid is that everyone has their own list and some don’t even exist yet.

In Poland, for example, this was apparently regulated at national level. As a result, there exist a “Black/White-list” regarding this topic. Below a link to an unofficial translation:


In Belgium the government has already worked out a list at national level. So for everyone who speaks french: https://www.privacycommission.be
and look for:„recommandation_01_2018.pdf“

This list makes no claim to be exhaustive and is no longer beeing updated. But might give an overview at creation time (22.06.2018).

Hagen Wolfstetter