Common use of Further Considerations Clause in Contracts

Further Considerations. There are limited circumstances where a mandatory DPIA should be carried out, even where processing was underway prior to the GDPR coming into effect1. DOES THE PROCESS INVOLVE: YES/NO 1.2.1 A systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning individuals or similarly significantly affect individuals. NO 1.2.2 A systematic monitoring of a publicly accessible area on a large scale. NO 1.2.3 The Data Protection Commission has determined that a DPIA will also be mandatory for the following types of processing operation where a documented screening or preliminary risk assessment indicates that the processing operation is likely to result in a high risk to the rights and freedoms of individuals pursuant to GDPR Article 35(1): Lists of Types of Data Processing Operations which require a DPIA. (if this hyperlink does not work, use the following url: xxxxx://xxx.xxxxxxxxxxxxxx.xx/sites/default/files/uploads/2018-11/Data-Protection- Impact-Assessment.pdf) NO

Further Considerations. There are limited circumstances where a mandatory DPIA should be carried out, even where processing was underway prior to the GDPR coming into effect1. DOES THE PROCESS INVOLVE: YES/NO 1.2.1 A systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning individuals or similarly significantly affect individuals. NOChoose Y/N 1.2.2 A systematic monitoring of a publicly accessible area on a large scale. NOChoose Y/N 1.2.3 The Data Protection Commission has determined that a DPIA will also be mandatory for the following types of processing operation where a documented screening or preliminary risk assessment indicates that the processing operation is likely to result in a high risk to the rights and freedoms of individuals pursuant to GDPR Article 35(1): Lists of Types of Data Processing Operations which require a DPIA. (if this hyperlink does not work, use the following url: xxxxx://xxx.xxxxxxxxxxxxxx.xx/sites/default/files/uploads/2018-11/Data-Protection- Impact-Assessment.pdfxxxxx://xxx.xxxxxxxxxxxxxx.xx/sites/default/files/uploads/2018-11/Data-Protection-Impact-Assessment.pdf) NOChoose Y/N If ‘Yes’ to any then you are likely required to carry out a DPIA under Article 35 GDPR. If ‘No’, to all then a DPIA may not be required.

Further Considerations. There are limited circumstances where a mandatory DPIA should be carried out, even where processing was underway prior to the GDPR coming into effect1. DOES THE PROCESS INVOLVE: YES/NO 1.2.1 A systematic and extensive evaluation of personal aspects relating to natural persons which is based on automated processing, including profiling, and on which decisions are based that produce legal effects concerning individuals or similarly significantly affect individuals. NO 1.2.2 A systematic monitoring of a publicly accessible area on a large scale. NO 1.2.3 The Data Protection Commission has determined that a DPIA will also be mandatory for the following types of processing operation where a documented screening or preliminary risk assessment indicates that the processing operation is likely to result in a high risk to the rights and freedoms of individuals pursuant to GDPR Article 35(1): Lists of Types of Data Processing Operations which require a DPIA. (if this hyperlink does not work, use the following url: xxxxx://xxx.xxxxxxxxxxxxxx.xx/sites/default/files/uploads/2018-11/Data-Protection- Impact-Assessment.pdf) NONO If ‘Yes’ to any then you are likely required to carry out a DPIA under Article 35 GDPR. If ‘No’, to all then a DPIA may not be required. 1 xxxxx://xxx-xxx.xxxxxx.xx/legal-content/EN/TXT/?uri=CELEX:02016R0679-20160504