Data Protection Assessments
Reference only: This requirement is not currently tested by the Privisy scanner. It is included for reference. Consult a qualified attorney to assess your compliance posture.
What it requires
Mandates controllers to conduct data protection assessments for processing activities presenting a heightened risk of harm to consumers, such as targeted advertising, sale of personal data, or profiling.
Legal text (excerpt)
A controller shall conduct and document a data protection assessment of each of its processing activities that involves personal data acquired on or after the effective date of this section and that presents a heightened risk of harm to a consumer.
Primary source
Colorado Attorney General: § 6-1-1309: Data Protection Assessments ↗Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change: verify against the authoritative source and consult a licensed attorney for compliance guidance.