[Updated 19 September 2018]
To date, the following positive and negative lists on data protection impact assessments (DSFA) (both concretize the obligation to provide a DSFA based on Art. 35 Para. 4 (positive lists, black list; probably mandatory for authorities) and Para. 5 (negative list, white list; probably voluntary for authorities)):
| Authority | Date | Type | Link |
| Belgium | 28.2.2018 | black/white | https://goo.gl/bSa1Mr |
| Germany / Baden-Wuerttemberg | 25.5.2018 | black | https://goo.gl/UjjECY |
| Germany / Saarland | 25.5.2018 | black | https://goo.gl/pCDqfz (same as Baden-Württemberg, but with two additional cases) |
| Germany / Schleswig-Holstein | 25.5.2018 | black | https://goo.gl/81Yoa9 (same as Baden-Württemberg, but with one additional case; not identical to the additional cases in Saarland). |
| Germany / Rhineland-Palatinate | 25.5.2018 | black – for public use only | https://goo.gl/wSWJsZ |
| Germany (Data Protection Conference, DSK) | 25.7.2018 | black | https://goo.gl/nN3eCt |
| Austria | 25.5.2018 | white | https://bit.ly/2l50aqU |
| Poland | undated | black | Polish: https://giodo.gov.pl/pl/file/13366
English translation by Kobylańska & Lewoszewski: https://goo.gl/36bnBM |