High risk processing
For the GDPR a DPIA is mandatory in case of high risks processing. The University of Groningen defined a DPIA protocol that states in which case the DPIA is requested (work in progress). The DPIA protocol also applies for research project.
The European Data Protection Supervisor identified nine possible processing “likely to result in a high risk” . However, the application of these criteria on a research project is not always straightforward.
In the research context, the European Commission for Research and Innovation defined a list of indicators of data processing operations that may entail higher ethics risks .
The table below may help you to think about risks in the context of a research project. Information extracted from .
|Types of personal data (special categories of data)||
|Scale or complexity of data processing||
|Data-collection or processing techniques||
|Involvement of non-EU countries||
 Article 29 Data Protection Working Party, ”Guidelines on Data Protection Impact Assessment (DPIA) and determining whether the processing is “likely to result in a high risk” for the purposes of Regulation 2016/679”.
 European Commission, Ethics and data protection, Nov. 2018.
|Last modified:||08 May 2019 4.15 p.m.|