§ 42-522StatuteReference only

Data Protection Assessments

Effective July 1, 2023Reviewed July 2026

Reference only: This requirement is not currently tested by the Privisy scanner. It is included for reference. Consult a qualified attorney to assess your compliance posture.

What it requires

Requires controllers to conduct and document data protection assessments for activities that present a heightened risk of harm, such as targeted advertising, sale of personal data, and profiling.

Legal text (excerpt)

A controller shall conduct and document a data protection assessment of each of the following processing activities involving personal data: (1) The processing of personal data for purposes of targeted advertising; (2) The sale of personal data; (3) The processing of personal data for purposes of profiling...

Connecticut Data Privacy Act: § 42-522, Statute, effective 2023

Primary source

Connecticut Office of the Attorney General: § 42-522: Data Protection Assessments

Legal notice: This page is for informational purposes only and does not constitute legal advice. The legal text excerpt is reproduced from official public sources and is current as of the stated effective date. Laws change: verify against the authoritative source and consult a licensed attorney for compliance guidance.

Stop Guessing. Start Knowing.

Find out exactly where your website stands before a regulator does.

Get My Compliance Audit