GDPR (Privacy European Regulation) does not require “notification to the supervisory authority” for special data processings. Such notification was required by previous Directive 95/46/CE.
In fact, notification of special processing processings is considered an obsolete tool and, as written in introductory clause 89, “did not in all cases contribute to improving the protection of personal data”.
Now, this notification is replaced by the Data protection impact assessment (or Privacy impact assessment or PIA; in Article 35), to be carried out by controllers for the most critical processing operations. It is up to the controller, prior to the beginning of processing operations, to consult the supervisory authority if the risk is high.
In future, EU Countries can require a prior consultation with supervisory authority for specific processing operations.
Thanks to Pierfrancesco Maistrello of Vecomp for his help on this subject.