Data Protection Assessments
Reference only: This requirement is not currently tested by the Privisy scanner. It is included for reference. Consult a qualified attorney to assess your compliance posture.
What it requires
Requires controllers to conduct and document data protection assessments for activities that present a heightened risk of harm, such as targeted advertising, sale of personal data, and profiling.
Legal text (excerpt)
A controller shall conduct and document a data protection assessment of each of the following processing activities involving personal data: (1) The processing of personal data for purposes of targeted advertising; (2) The sale of personal data; (3) The processing of personal data for purposes of profiling...
Primary source
Connecticut Office of the Attorney General: § 42-522: Data Protection Assessments ↗Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change: verify against the authoritative source and consult a licensed attorney for compliance guidance.