As part of a series addressing the questions most frequently asked by clients concerning the General Data Protection Regulation (GDPR), Bryan Cave Leighton Paisner offered insight into the question: Is there a specific amount of data which qualifies as large scale for the purpose of determining whether a Data Protection Officer must be appointed or a Data Protection Impact Assessment must be performed? Paisner said, although Article 29 Working Party has provided some guidance concerning what qualifies as large scale, it does not offer a specific numeric threshold. Authorities in the Czech Republic, Estonia and Greece have responded by issuing their own interpretive guidance. The European Data Protection Board, however, rejected their positions and requested that each supervisory authority amend its list by deleting the explicit figures.
