| Personal data processing that require the DPIA – general provision |
| Cooperation between the controller and data protection officer |
| Processing that requires the obligatory DPIA |
| List of processing operations which require an obligatory data protection impact assessment |
| List of the kind of processing operations for which no data protection impact assessment is required |
| Consistency mechanism referred to in Article 63 |
| Minimal content of the DPIA |
| Assessing the impact of the processing performed by such controllers or processors |
| Gathering the opinions of data subjects or their representatives |
| Situations where the DPIA need not to be done |
| Situation where the DPIA might be necessary |
