§ 6-1-1309StatuteReference only

Data Protection Assessments

Effective July 1, 2023Reviewed July 2026

Reference only: This requirement is not currently tested by the Privisy scanner. It is included for reference. Consult a qualified attorney to assess your compliance posture.

What it requires

Mandates controllers to conduct data protection assessments for processing activities presenting a heightened risk of harm to consumers, such as targeted advertising, sale of personal data, or profiling.

Legal text (excerpt)

A controller shall conduct and document a data protection assessment of each of its processing activities that involves personal data acquired on or after the effective date of this section and that presents a heightened risk of harm to a consumer.

Colorado Privacy Act: § 6-1-1309, Statute, effective 2023

Primary source

Colorado Attorney General: § 6-1-1309: Data Protection Assessments

Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change: verify against the authoritative source and consult a licensed attorney for compliance guidance.

Stop Guessing. Start Knowing.

Find out exactly where your website stands before a regulator does.

Get My Compliance Audit