Elimination of the General Reporting Requirement

¹Directive 95/46/EC provided for a general obligation to notify the processing of personal data to the supervisory authorities. ²While that obligation produces administrative and financial burdens, it did not in all cases contribute to improving the protection of personal data. ³Such indiscriminate general notification obligations should therefore be abolished, and replaced by effective procedures and mechanisms which focus instead on those types of processing operations which are likely to result in a high risk to the rights and freedoms of natural persons by virtue of their nature, scope, context and purposes. ⁴Such types of processing operations may be those which in, particular, involve using new technologies, or are of a new kind and where no data protection impact assessment has been carried out before by the controller, or where they become necessary in the light of the time that has elapsed since the initial processing.