[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fq4mj4EQsqpIAlKpVRYdMlwg7T5n2T4Fa_NiTSmQvcSM":3},{"sections":4,"resultAnalysis":1113,"id":1114,"version":1115,"newVersion":22,"label":1116,"isPinned":22,"isShared":22,"sharingToken":9,"isRevision":22,"isBlockAnalysisShared":22,"nbReferences":257,"referenceId":1117,"nbResponses":11,"parentId":9,"revisionDescription":1115,"logoUrl":1118,"description":1119,"scheduleIntervalDays":9,"versionNumber":260,"dateCreation":1120,"dateUpdate":1121,"dateArchived":9,"archived":22,"type":1122,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":1123,"creator":1124,"objectType":1131,"objectTypeIndex":1132,"objectTypeColor":1133,"objectTypeIcon":1134,"objectTypeText":1135,"defaultOwners":1136,"tags":1137,"privacyHubs":9,"nbQuestions":1149,"nbQuestionsRequired":1150,"nbDatas":11,"deadLineDays":9},[5,55,76,142,232,307,363,417,470,525,645,699,840,979,1044,1064,1083],{"id":6,"slug":7,"label":8,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":13,"sections":54},"c92b0058-deb4-459b-a2cd-cda32cda6cce","general-information","General information",null,"Default",0,"SectionType_Default",[14,24,29,34,50],{"id":15,"slug":16,"label":17,"tooltipHtml":9,"descriptionHtml":18,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"32c5677f-a65c-4bef-8daf-27b2ea10e1f1","what-is-the-processing-operation-subject-to-the-assessment","What is the processing operation subject to the assessment?","\u003Cp>Provide a concise overview: its name, purpose(s), expected benefits, and usage context\u003C/p>","RichText",2,"Text editor",false,true,{"id":25,"slug":26,"label":27,"tooltipHtml":9,"descriptionHtml":28,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"74dddc66-fdea-4d2b-a533-843573537966","what-are-the-responsibilities-related-to-the-processing","What are the responsibilities related to the processing?","\u003Cp>Describe the roles and responsibilities of the stakeholders\u003C/p>",{"id":30,"slug":31,"label":32,"tooltipHtml":9,"descriptionHtml":33,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"66813462-febd-4245-9758-2190bd54fa43","what-reference-frameworks-apply","What reference frameworks apply?","\u003Cp>Indicate here which reference frameworks apply to the processing. These frameworks serve as normative standards and help guide the completion of the assessment.\u003C/p>",{"id":35,"slug":36,"label":37,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":41,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"5145ca01-3c2c-4538-a17e-3c73207ed540","does-the-processing-rely-on-an-artificial-intelligence-algorithm-or-an-automate","Does the processing rely on an artificial intelligence algorithm or an automated decision-making process?","Radio",7,"Unique choice list",[42,46],{"id":43,"color":44,"rangeValue":9,"label":45,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"4c1fbeeb-04e9-46ec-97fa-ef2a2e255a7e","#D8081A","Yes",{"id":47,"color":48,"rangeValue":9,"label":49,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"68b7cf9e-06bd-4f0d-b934-230f91f3482c","#07CF7B","No",{"id":51,"slug":52,"label":53,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"66b45e49-e7c5-4670-84eb-376c9bb1060b","if-yes-specify-the-type-of-algorithm-used-eg-supervised-learning-generative-etc","If yes, specify the type of algorithm used (e.g. supervised learning, generative, etc.) and the purpose of the AI use (e.g. sorting, scoring, prediction, generation, etc.).",[],{"id":56,"slug":57,"label":58,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":59,"sections":75},"f9e01e33-b417-4069-9d1a-10ecadaef9e4","description","Description",[60,65,70],{"id":61,"slug":62,"label":63,"tooltipHtml":9,"descriptionHtml":64,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"c305d34b-5af5-4d91-b730-ef2b1268eccc","what-data-are-being-processed","What data are being processed?","\u003Cp>List the data collected and processed, specifying their retention periods, recipients, and persons with access.\u003C/p>",{"id":66,"slug":67,"label":68,"tooltipHtml":9,"descriptionHtml":69,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"0b3b0220-2aec-4780-b584-f169471936c5","how-does-the-data-lifecycle-unfold-functional-description","How does the data lifecycle unfold? (functional description)","\u003Cp>Describe the data lifecycle here.  \nYou may attach a flow diagram as an appendix to your response.\u003C/p>",{"id":71,"slug":72,"label":73,"tooltipHtml":9,"descriptionHtml":74,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"8aceee3f-9df6-4478-b721-3f920295b8e9","what-are-the-data-storage-media","What are the data storage media?","\u003Cp>Detail the data storage media here — for example, the application or software used to process the data.\u003C/p>",[],{"id":77,"slug":78,"label":79,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":80,"sections":141},"f7092382-7c86-4e74-a42a-9aa35224fe6c","proportionality-and-necessity-of-data","Proportionality and necessity of data",[81,86,91,96,101,106,122,126,137],{"id":82,"slug":83,"label":84,"tooltipHtml":9,"descriptionHtml":85,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"7268e4ce-036e-40e4-8f67-3af419b48769","are-the-purposes-of-the-processing-determined-explicit-and-legitimate","Are the purposes of the processing determined, explicit, and legitimate?","\u003Cp>Explain how the purposes of the processing are determined, explicit, and legitimate.\u003C/p>",{"id":87,"slug":88,"label":89,"tooltipHtml":9,"descriptionHtml":90,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"29d53ff8-37fa-41d6-a9f2-8d437bd63560","what-is-the-legal-basis-that-makes-your-processing-lawful","What is the legal basis that makes your processing lawful?","\u003Cp>Specify the legal basis associated with your processing — for example, consent, legal obligation, or legitimate interest.\u003C/p>",{"id":92,"slug":93,"label":94,"tooltipHtml":9,"descriptionHtml":95,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"03c731a9-97e5-4e06-9dd7-25148c995265","are-the-data-collected-adequate-relevant-and-limited-to-what-is-necessary-for-t","Are the data collected adequate, relevant, and limited to what is necessary for the purposes for which they are processed (data minimization)?","\u003Cp>Explain how each data item is necessary to achieve the purposes of the processing.\u003C/p>",{"id":97,"slug":98,"label":99,"tooltipHtml":9,"descriptionHtml":100,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"b1d4d999-dfcd-4986-82d9-9aead4473a86","are-the-data-accurate-and-kept-up-to-date","Are the data accurate and kept up to date?","\u003Cp>Describe the measures implemented to ensure data quality.\u003C/p>",{"id":102,"slug":103,"label":104,"tooltipHtml":9,"descriptionHtml":105,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"54bcb408-df66-482f-81b0-188cfffb3e0c","what-are-the-data-retention-periods","What are the data retention periods?","\u003Cp>Explain how the planned retention period for each data item is necessary to fulfill the purposes of the processing.\u003C/p>",{"id":107,"slug":108,"label":109,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":110,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"9e8687a7-ee71-4f83-ada3-449fc589d780","how-do-you-assess-the-measures-implemented-1","How do you assess the measures implemented?",[111,114,118],{"id":112,"color":48,"rangeValue":9,"label":113,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"ef1aa5ea-5afc-4369-8b1f-73c3b858ab39","Acceptable",{"id":115,"color":116,"rangeValue":9,"label":117,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"743e1cea-d99b-4736-8cfa-cea587aa9163","#946A2F","To be improved",{"id":119,"color":120,"rangeValue":9,"label":121,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"99331f1c-3238-418d-9eec-dc41995a1c31","#C6DD8C","Not acceptable",{"id":123,"slug":124,"label":125,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"9a48431d-4a42-4591-b6a8-d480735440e1","why-is-the-use-of-ai-justified-in-relation-to-the-purpose-pursued","Why is the use of AI justified in relation to the purpose pursued?",{"id":127,"slug":128,"label":129,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":130,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"b64be4d0-cc3e-429b-bf87-1ee87e542edc","have-less-intrusive-alternatives-been-considered-eg-non-ai-manual-processing","Have less intrusive alternatives been considered (e.g. non-AI, manual processing)?",[131,134],{"id":132,"color":133,"rangeValue":9,"label":45,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"2c9b7cf8-085a-44c7-9949-3c7740e43588","#6689A1",{"id":135,"color":136,"rangeValue":9,"label":49,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c161686c-a12f-41d4-bced-c11b5f030cb0","#F4D01D",{"id":138,"slug":139,"label":140,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"1c59b93d-633b-456b-8c1e-c29914e834b7","if-yes-which-ones","If yes, which ones?",[],{"id":143,"slug":144,"label":145,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":146,"sections":231},"66426f36-537e-4d7c-a925-6241f9a62621","protective-measures-for-rights","Protective measures for rights",[147,152,157,162,166,170,175,180,193,204,215],{"id":148,"slug":149,"label":150,"tooltipHtml":9,"descriptionHtml":151,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"d28d9b00-e00f-49d9-8f26-8d234eedd5b6","how-are-data-subjects-informed-about-the-processing-transparency","How are data subjects informed about the processing? (transparency)","\u003Cp>Indicate here the methods used to inform data subjects (data charter, forms, etc.) and the content of the information provided.\u003C/p>",{"id":153,"slug":154,"label":155,"tooltipHtml":9,"descriptionHtml":156,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"6b6fa7e4-13b1-40fd-ab9c-a489b0660cd4","if-applicable-how-is-the-consent-of-data-subjects-obtained","If applicable, how is the consent of data subjects obtained?","\u003Cp>Indicate here the methods used to collect consent.\u003C/p>",{"id":158,"slug":159,"label":160,"tooltipHtml":9,"descriptionHtml":161,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"b9c7e8b3-77a8-4e69-a506-c481d4e95f77","how-can-data-subjects-exercise-their-right-of-access-and-right-to-data-portabil","How can data subjects exercise their right of access and right to data portability?","\u003Cp>Indicate here the procedures for exercising these rights.\u003C/p>",{"id":163,"slug":164,"label":165,"tooltipHtml":9,"descriptionHtml":161,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"1df5212d-bb71-45e5-89e2-b90cfde00568","how-can-data-subjects-exercise-their-right-to-rectification-and-right-to-erasur","How can data subjects exercise their right to rectification and right to erasure (right to be forgotten)?",{"id":167,"slug":168,"label":169,"tooltipHtml":9,"descriptionHtml":161,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"6e46b5ab-9991-459b-bf7e-4a49992ac81e","how-can-data-subjects-exercise-their-right-to-restriction-and-right-to-object","How can data subjects exercise their right to restriction and right to object?",{"id":171,"slug":172,"label":173,"tooltipHtml":9,"descriptionHtml":174,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"d3944a1e-437c-41a5-aec5-1e8724cb8823","are-the-obligations-of-processors-clearly-defined-and-contractually-established","Are the obligations of processors clearly defined and contractually established?","\u003Cp>A data processing agreement must be concluded with each processor, specifying all elements required under Article 28 of the GDPR.\u003C/p>",{"id":176,"slug":177,"label":178,"tooltipHtml":9,"descriptionHtml":179,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"429fb0a9-ae8d-4a95-9eec-faaf889e2ae9","in-case-of-data-transfers-outside-the-european-union-are-the-data-protected-in","In case of data transfers outside the European Union, are the data protected in an equivalent manner?","\u003Cp>Specify the country of transfer and the transfer mechanism used.\u003C/p>",{"id":181,"slug":182,"label":109,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":183,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"da4c7177-972d-40da-a043-a3769fb28630","how-do-you-assess-the-measures-implemented",[184,187,190],{"id":185,"color":186,"rangeValue":9,"label":113,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"6917ca16-1559-4d34-bd7f-ccb92c1dcb4a","#A1F423",{"id":188,"color":189,"rangeValue":9,"label":117,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"3d879b72-1ff2-46ff-8152-d17e0295ded0","#821B3C",{"id":191,"color":192,"rangeValue":9,"label":121,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"b5e06f8f-dd86-4fc0-8cf3-abec40ca1fff","#BE5C1F",{"id":194,"slug":195,"label":196,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":197,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"c05895c3-1220-47b0-bfc5-390f5177e2c7","are-individuals-explicitly-informed-about-the-use-of-ai","Are individuals explicitly informed about the use of AI?",[198,201],{"id":199,"color":200,"rangeValue":9,"label":45,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"42b4576f-4f97-44fd-b2ff-517a532c3184","#CA070D",{"id":202,"color":203,"rangeValue":9,"label":49,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c23e8799-f4a0-49b3-8c6c-102f44790cac","#8D37F5",{"id":205,"slug":206,"label":207,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":208,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"93f7a340-213f-44e5-ab1d-beab8a75b4ae","is-human-intervention-guaranteed","Is human intervention guaranteed?",[209,212],{"id":210,"color":211,"rangeValue":9,"label":45,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"bb57ecf1-1068-4a05-be51-1f7cac8d4f95","#E0C658",{"id":213,"color":214,"rangeValue":9,"label":49,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"ebdb5ba6-a112-455e-8fca-adff969a18ef","#10CD66",{"id":216,"slug":217,"label":218,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":219,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"ab730982-2180-402d-9edb-2554cb6c5d34","does-the-system-enable-the-exercise-of-the-right-to-an-explanation-regarding-th","Does the system enable the exercise of the right to an explanation regarding the algorithmic logic?",[220,223,227],{"id":221,"color":222,"rangeValue":9,"label":45,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"394b842e-37aa-4780-972c-119567c4287d","#11E795",{"id":224,"color":225,"rangeValue":9,"label":226,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"027ce3c1-d43c-4a4d-8ae8-55d1cc004045","#E620B8","No ",{"id":228,"color":229,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"b4e41c7d-664e-4507-9680-3b4ea4c28cf2","#453FB4","Limited",[],{"id":233,"slug":234,"label":235,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":236,"sections":306},"f4ac4f59-95a1-4e22-a9bb-a45d1f5f51cb","lawfulness-of-data-processing","Lawfulness of data processing",[237,244,248,252,262,286],{"id":238,"slug":239,"label":240,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"868863f3-07ae-4b20-b5c8-1f8096a01c74","what-could-be-the-main-impacts-on-data-subjects-if-the-risk-materialized-1","What could be the main impacts on data subjects if the risk materialized?","Tags",11,"Tags select",{"id":245,"slug":246,"label":247,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"06ec6655-d68d-48af-ac0a-02ca1c1871d5","1-what-are-the-main-threats-that-could-lead-to-the-occurrence-of-the-risk","What are the main threats that could lead to the occurrence of the risk?",{"id":249,"slug":250,"label":251,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"4c38b565-f9ff-46f4-95b0-f0bc9b012b55","2-what-are-the-sources-of-risk-that-could-be-at-its-origin","What are the sources of risk that could be at its origin?",{"id":253,"slug":254,"label":255,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":256,"typeIndex":257,"typeColor":9,"typeIcon":9,"typeText":258,"dynamicSelectType":259,"dynamicSelectTypeIndex":260,"dynamicSelectTypeColor":9,"dynamicSelectTypeIcon":9,"dynamicSelectTypeText":261,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"e61a470b-4fdd-4e1e-a1fc-de10091b2ca7","3-what-existing-measures-contribute-to-addressing-the-risk","What existing measures contribute to addressing the risk?","DynamicMultiple",13,"Multiple dynamic select (stakeholders, security measures...)","SecurityMeasure",1,"Measures",{"id":263,"slug":264,"label":265,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":266,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"428a995d-573f-4b99-9c26-b2932ddddf43","4-how-do-you-assess-the-severity-of-the-risk-particularly-in-light-of-potential-i","How do you assess the severity of the risk, particularly in light of potential impacts and initial measures?",[267,271,275,278,282],{"id":268,"color":269,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"0eb8adb5-27a9-425d-b0c7-037de27a7af5","#2B02A8","(Not defined)",{"id":272,"color":273,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"ed3cd75c-ac59-41c9-8fb1-74a0d4d0d706","#784000","Negligible",{"id":276,"color":277,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"14301211-41a7-41cb-b1fe-79186221c94a","#B33487",{"id":279,"color":280,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"b489ec86-ad4e-450f-a9df-61118d5bafcc","#A968A8","Significant",{"id":283,"color":284,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"a6e056e2-7329-4fa5-b145-d1a970ccab10","#25B792","Maximum",{"id":287,"slug":288,"label":289,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":290,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"078162ed-31ef-4d44-bbdf-64685c509a2a","5-how-do-you-assess-the-likelihood-of-the-risk-particularly-in-view-of-threats-so","How do you assess the likelihood of the risk, particularly in view of threats, sources of risk, and initial measures?",[291,294,297,300,303],{"id":292,"color":293,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"a120e145-1a2c-4297-b3a8-93eac154dcad","#A97DDA",{"id":295,"color":296,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"f7089784-dcd7-48ba-86ab-1c552da55e6a","#61DAA0",{"id":298,"color":299,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"42f7dba9-f749-4944-a1d9-4bf4b0a533cc","#3BB409",{"id":301,"color":302,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"def90db4-914a-4471-84ce-970fe26c7f78","#06CEB7",{"id":304,"color":305,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"9c275d26-9d3a-470d-8455-e79254c84372","#9BC78B",[],{"id":308,"slug":309,"label":310,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":311,"sections":362},"1b9dc2d4-583d-4cdd-92dd-125c1f1066e6","security-of-personal-data","Security of personal data",[312,315,318,321,324,343],{"id":313,"slug":314,"label":240,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"df43997c-120f-4c91-8595-d6dbf1912609","11-what-could-be-the-main-impacts-on-data-subjects-if-the-risk-materialized",{"id":316,"slug":317,"label":247,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"dce84564-4c5b-45fc-bdff-4f641bff9e6a","12-what-are-the-main-threats-that-could-lead-to-the-occurrence-of-the-risk",{"id":319,"slug":320,"label":251,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"6632c8ad-2490-461c-ac23-614fbac1652f","13-what-are-the-sources-of-risk-that-could-be-at-its-origin",{"id":322,"slug":323,"label":255,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":256,"typeIndex":257,"typeColor":9,"typeIcon":9,"typeText":258,"dynamicSelectType":259,"dynamicSelectTypeIndex":260,"dynamicSelectTypeColor":9,"dynamicSelectTypeIcon":9,"dynamicSelectTypeText":261,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"99902d8a-1e6f-49fe-a08d-a6b5177c436b","14-what-existing-measures-contribute-to-addressing-the-risk",{"id":325,"slug":326,"label":265,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":327,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"85c37541-8f87-4075-a34a-df299a1415ee","14-how-do-you-assess-the-severity-of-the-risk-particularly-in-light-of-potential-i",[328,331,334,337,340],{"id":329,"color":330,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"22ea638c-cd9e-4896-82a2-2bde359e5c33","#2269C8",{"id":332,"color":333,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"1be8f030-0aa6-4279-b16a-b0b8fc66afd2","#837C71",{"id":335,"color":336,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"8d5fc4af-1b76-4c5c-bbd3-ae6581b57294","#B2DFB9",{"id":338,"color":339,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"673929ab-adf5-472d-81d4-c947a0686287","#993C9E",{"id":341,"color":342,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c29ed318-216c-4928-b700-66f42afe880f","#E82456",{"id":344,"slug":345,"label":289,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":346,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"6678bc1e-ab0d-42a1-ba8d-32e691fc9cee","15-how-do-you-assess-the-likelihood-of-the-risk-particularly-in-view-of-threats-so",[347,350,353,356,359],{"id":348,"color":349,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"dcbef487-0ecc-464c-9c0b-455d015f5a03","#E6C390",{"id":351,"color":352,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"5c9c0492-b659-4881-8fea-a0e4c480fa8a","#CACD45",{"id":354,"color":355,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"a1fea3d2-0114-48ea-b5a1-953e915c64d0","#0CB8AE",{"id":357,"color":358,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"6f0f4e3b-8909-4a85-b5fa-a51d54fb0cc7","#FA4115",{"id":360,"color":361,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"2bf88068-436f-410c-b97d-fc201b2c2b31","#69A149",[],{"id":364,"slug":365,"label":366,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":367,"sections":416},"2bde2347-2b17-465d-9311-e170eb616dab","data-subjects-rights","Data subjects’ rights",[368,371,374,377,380,399],{"id":369,"slug":370,"label":240,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"ab614dd2-0582-4079-aae4-08ff2ccc6a60","21-what-could-be-the-main-impacts-on-data-subjects-if-the-risk-materialized",{"id":372,"slug":373,"label":247,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"40697ce0-74f8-4efd-a97f-73a5c3f910f8","22-what-are-the-main-threats-that-could-lead-to-the-occurrence-of-the-risk",{"id":375,"slug":376,"label":251,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"e35100dc-1753-4fce-9c61-450b197bec4a","23-what-are-the-sources-of-risk-that-could-be-at-its-origin",{"id":378,"slug":379,"label":255,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":256,"typeIndex":257,"typeColor":9,"typeIcon":9,"typeText":258,"dynamicSelectType":259,"dynamicSelectTypeIndex":260,"dynamicSelectTypeColor":9,"dynamicSelectTypeIcon":9,"dynamicSelectTypeText":261,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"22bb5709-fa12-4039-85c8-5d2f1b67f7d3","2-4what-existing-measures-contribute-to-addressing-the-risk",{"id":381,"slug":382,"label":265,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":383,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"c14ae6fa-13ee-4a4a-a67a-03368214a63c","2-5how-do-you-assess-the-severity-of-the-risk-particularly-in-light-of-potential-i",[384,387,390,393,396],{"id":385,"color":386,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"09323167-4b1f-4419-9ccf-f65f8f1f0ca3","#4583AB",{"id":388,"color":389,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c2052e4d-1340-4755-8da7-9a70a7ff7d04","#52B8DA",{"id":391,"color":392,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"53696ce7-80e3-4b3d-9d0d-17adb025ca4f","#B1730F",{"id":394,"color":395,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"daa0104a-de13-4eee-87cf-17b8ab4362c9","#F54263",{"id":397,"color":398,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"8a897bb3-b38b-4190-8e95-104e0b79e593","#970F88",{"id":400,"slug":401,"label":289,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":402,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"65ae9e7b-b83c-47ec-bff7-6e7f628a563a","2-6how-do-you-assess-the-likelihood-of-the-risk-particularly-in-view-of-threats-so",[403,405,408,410,413],{"id":404,"color":280,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"db629691-7e03-44c7-b7ba-e3f9d50361e3",{"id":406,"color":407,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"71ed783a-f8c7-4969-a1c3-594c38d4b96a","#47A9E6",{"id":409,"color":189,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"ef2c0a9c-719c-43d8-bee7-d4de3b4689ce",{"id":411,"color":412,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"5c1d8b49-e240-466b-9702-c7bd668157a6","#955089",{"id":414,"color":415,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"23cf73f7-98f0-48bb-a636-440df25846e1","#DCB389",[],{"id":418,"slug":419,"label":420,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":421,"sections":469},"0be19d47-f025-4303-ab8c-4b3f6a7792af","quality-and-lawfulness-of-training-data","Quality and lawfulness of training data",[422,425,428,431,434,451],{"id":423,"slug":424,"label":240,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"6641b06d-760e-4fb7-b11f-281df5a8fa85","3-1what-could-be-the-main-impacts-on-data-subjects-if-the-risk-materialized",{"id":426,"slug":427,"label":247,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"b130be9c-cc9e-4c0f-95c0-ea3db5bf828b","3-2what-are-the-main-threats-that-could-lead-to-the-occurrence-of-the-risk",{"id":429,"slug":430,"label":251,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"cb18c5fd-3879-4907-90db-3418a8f9112f","33-what-are-the-sources-of-risk-that-could-be-at-its-origin",{"id":432,"slug":433,"label":255,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":256,"typeIndex":257,"typeColor":9,"typeIcon":9,"typeText":258,"dynamicSelectType":259,"dynamicSelectTypeIndex":260,"dynamicSelectTypeColor":9,"dynamicSelectTypeIcon":9,"dynamicSelectTypeText":261,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"8a3bfd77-b040-40ca-a66d-55f96e879ae5","34-what-existing-measures-contribute-to-addressing-the-risk",{"id":435,"slug":436,"label":265,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":437,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"4a737cf3-6716-4c80-8da9-2d25d4c8b949","35-how-do-you-assess-the-severity-of-the-risk-particularly-in-light-of-potential-i",[438,440,443,446,448],{"id":439,"color":358,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"1b065132-56dd-4823-80c1-eb8ac62d9754",{"id":441,"color":442,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"efd90384-6d88-4ad0-9c2f-df0f94e15d19","#2CDE51",{"id":444,"color":445,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"762b1ba2-b8cf-491c-988d-b2ad38d0ed4d","#A12A56",{"id":447,"color":186,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"33aabe98-a327-43f6-886e-8cb176903358",{"id":449,"color":450,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"888db108-5ff8-466a-8ec8-1325486fb980","#1C9037",{"id":452,"slug":453,"label":289,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":454,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"7a8ea587-5898-45f9-bb9f-e69094bacc4c","36-how-do-you-assess-the-likelihood-of-the-risk-particularly-in-view-of-threats-so",[455,458,461,464,467],{"id":456,"color":457,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"dcdefb99-5f1f-4cd0-9348-46cc77dfda7e","#8E4CA8",{"id":459,"color":460,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"f4d2a134-9c68-40f8-aad8-9d75ceb22d7c","#8A716A",{"id":462,"color":463,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c17c6d74-8877-4270-beaf-1739405b373f","#25BAEC",{"id":465,"color":466,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"a146adf7-53a8-49c5-9069-1888957670f5","#C2C772",{"id":468,"color":293,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"eda083cb-325f-49a7-a99d-eff2ec8ac6a2",[],{"id":471,"slug":472,"label":473,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":474,"sections":524},"bd7ad68f-5ff0-4149-bdff-afa11685e281","unlawful-and-unsecured-transfer-of-personal-data","Unlawful and unsecured transfer of personal data",[475,478,481,484,487,506],{"id":476,"slug":477,"label":240,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"159be6da-be4c-4a3d-9ec9-8422629db2d1","what-could-be-the-main-impacts-on-data-subjects-if-the-risk-materialized",{"id":479,"slug":480,"label":247,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"db623d81-a25c-4f93-af8e-52f935313d8f","what-are-the-main-threats-that-could-lead-to-the-occurrence-of-the-risk",{"id":482,"slug":483,"label":251,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":241,"typeIndex":242,"typeColor":9,"typeIcon":9,"typeText":243,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"34613d40-8b0d-4841-9a49-bb35959ae1ea","what-are-the-sources-of-risk-that-could-be-at-its-origin",{"id":485,"slug":486,"label":255,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":256,"typeIndex":257,"typeColor":9,"typeIcon":9,"typeText":258,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"d5e28627-57dc-4ff5-bb95-c31aca305dda","what-existing-measures-contribute-to-addressing-the-risk",{"id":488,"slug":489,"label":265,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":490,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"916a789a-ddf7-4307-a837-5d0e16f63ee6","4-1how-do-you-assess-the-severity-of-the-risk-particularly-in-light-of-potential-i",[491,494,497,500,503],{"id":492,"color":493,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"e4426b6a-e218-478a-9133-ca62a9a05f5c","#16AF48",{"id":495,"color":496,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"fe06ee29-e036-4910-b974-eea3296808b6","#EE5C83",{"id":498,"color":499,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"3491597c-303e-4cb4-af9c-07a2bc70938d","#AC0B24",{"id":501,"color":502,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"52a5c6fd-ed0e-496a-bc85-f8ef145cc9bf","#1A5EEF",{"id":504,"color":505,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"91c45a93-5e73-4696-9107-b8a8cf39b19a","#332496",{"id":507,"slug":508,"label":289,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":509,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"9582711a-94ed-4f6e-b310-508fd26c2c4a","4-2how-do-you-assess-the-likelihood-of-the-risk-particularly-in-view-of-threats-so",[510,513,516,518,521],{"id":511,"color":512,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"b0d947f9-21bd-48bc-ae8d-d3326963ae97","#108828",{"id":514,"color":515,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"6b6c4eec-bc69-42c7-aa59-aa6d5a994bd6","#08F21A",{"id":517,"color":333,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"256bdf74-5415-4c47-abff-9c0a2f4a3b3d",{"id":519,"color":520,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"39fb4edd-a5cd-4cfa-9c15-36a0f169db1e","#FCAC64",{"id":522,"color":523,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"a9ddd415-4237-4610-9c0f-683409c20ea5","#79BF6F",[],{"id":526,"slug":527,"label":528,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":529,"sections":644},"4cf42483-afde-4823-a899-dc18337e99a1","mitigation-measures-lawfulness-of-processing","Mitigation measures: lawfulness of processing",[530,551,564,601,607,625],{"id":531,"slug":532,"label":533,"tooltipHtml":9,"descriptionHtml":534,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":535,"typeIndex":536,"typeColor":9,"typeIcon":9,"typeText":537,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":538,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"52d3e560-2945-42f5-bc93-97a112adda0b","security-measure-definition-and-limitation-of-purposes","Security measure: definition and limitation of purposes","\u003Cp>As both provider and deployer, it is important to verify that:\u003C/p>","Checkbox",8,"Multi choice list",[539,543,547],{"id":540,"color":541,"rangeValue":9,"label":542,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"e48be1fc-6da7-4735-b6da-7806a55ec139","#4B19CF","Clearly define the purpose of the processing in relation to a specific, concrete, and proportionate objective.",{"id":544,"color":545,"rangeValue":9,"label":546,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"1af7294e-b545-41ab-b168-d332e3195bfd","#164C75","Avoid vague or general purposes such as “improving an AI system”; specify the type of system (LLM, generative AI, etc.) and the intended functionalities.",{"id":548,"color":549,"rangeValue":9,"label":550,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"74676116-c241-4816-8659-66bb7406270b","#1CE1F9","Document the legal basis corresponding to each purpose.",{"id":552,"slug":553,"label":554,"tooltipHtml":9,"descriptionHtml":534,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":535,"typeIndex":536,"typeColor":9,"typeIcon":9,"typeText":537,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":555,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"eba91045-a0ee-4675-9e20-5385d53cdfcb","security-measure-unlimited-data-retention","Security measure: unlimited data retention",[556,560],{"id":557,"color":558,"rangeValue":9,"label":559,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"1c572003-1583-4e9e-a034-99ba68f71efd","#B6CE3F","As a user, deployer, or purchasing entity, establish agreements with third-party providers regarding the retention period of input and output data. This can be included in the service contract, product documentation, or data processing agreement.",{"id":561,"color":562,"rangeValue":9,"label":563,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"0333ff15-a870-49da-9207-0b36a0e0ee2c","#30A9BB","If data are stored on your premises, implement retention rules and/or a data deletion mechanism.",{"id":565,"slug":566,"label":567,"tooltipHtml":9,"descriptionHtml":534,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":535,"typeIndex":536,"typeColor":9,"typeIcon":9,"typeText":537,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":568,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"e5419531-4933-4f75-8d4b-c2b353f4bfb9","security-measure-violation-of-the-data-minimization-principle","Security measure: violation of the data minimization principle",[569,573,577,581,585,589,593,597],{"id":570,"color":571,"rangeValue":9,"label":572,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"23fbc600-a3b9-4e0e-8d63-28d7b119aa78","#09C05E","Regularly review data collection and automatically delete data when they are no longer necessary.",{"id":574,"color":575,"rangeValue":9,"label":576,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"14e41eb2-9a40-443e-ab4f-35d10b52594c","#2CC8E7","Replace identifiable data with anonymized or pseudonymized alternatives immediately after collection.",{"id":578,"color":579,"rangeValue":9,"label":580,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"e300fb2f-8b07-4fcc-9a7d-fe03817c4b90","#CBE07F","Apply Privacy by Design principles at every stage of development by integrating data minimization measures.",{"id":582,"color":583,"rangeValue":9,"label":584,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"32b36f8d-b0f5-4123-bea3-471669ae4f09","#706C48","Exclude data collection from websites that prohibit web scraping (e.g., robots.txt or ai.txt files).",{"id":586,"color":587,"rangeValue":9,"label":588,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"89901847-eebc-4a25-89e4-ccc9465a11fb","#22B2DE","Limit collection to data that are freely accessible and clearly made public by the data subjects.",{"id":590,"color":591,"rangeValue":9,"label":592,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"177b2ce4-041f-47c6-87c6-c0d82b7f158e","#BD0F52","Avoid combining data based on individual identifiers unless explicitly necessary and justified for AI system development.",{"id":594,"color":595,"rangeValue":9,"label":596,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"0d30b6d8-a51f-4278-ba73-e5fce79dfd4e","#7D276A","Raise user awareness to provide only essential data in their inputs and communicate transparently about data usage.",{"id":598,"color":599,"rangeValue":9,"label":600,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"b0db7e24-f26a-4313-9632-31ba19274294","#FC59ED","Assess whether the processing of personal data is strictly necessary for the intended purpose by exploring less intrusive alternatives (e.g., synthetic or anonymized data) and ensuring that the volume of data processed is proportionate to the objective.",{"id":602,"slug":603,"label":604,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":605,"typeIndex":260,"typeColor":9,"typeIcon":9,"typeText":606,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"1e911b71-b48e-4b6f-a359-c46518cec299","111-provide-details-on-the-action-plan-you-intend-to-implement","Provide details on the action plan you intend to implement","LongText","Long text",{"id":608,"slug":609,"label":610,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":611,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"38f97a7e-46c2-47d3-82df-8c214268f55c","112-how-do-you-assess-the-severity-of-the-risk-particularly-in-light-of-potential-i","How do you assess the severity of the risk, particularly in light of potential impacts and envisaged measures?",[612,615,618,620,622],{"id":613,"color":614,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"d1475fa5-fd20-431c-95d3-1fd4f2ba3848","#5978BA",{"id":616,"color":617,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"f25f3862-bc5b-4709-9018-a66671fe77b5","#0F3DA6",{"id":619,"color":277,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"f35813d9-0b09-44eb-886d-f1421c9f39e0",{"id":621,"color":293,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"4f1724a9-ff2c-484c-9889-f25e6e7bdba3",{"id":623,"color":624,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"99d4c373-83ab-437e-a8f8-fc563d02a8e3","#5FF3F9",{"id":626,"slug":627,"label":628,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":629,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"debb2055-5462-4bd0-bda9-59d38b3944b8","113-how-do-you-assess-the-likelihood-of-the-risk-particularly-in-view-of-threats-so","How do you assess the likelihood of the risk, particularly in view of threats, sources of risk, and envisaged measures?",[630,633,636,639,641],{"id":631,"color":632,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"6f2b17dc-dd5b-44a9-bc44-40de7d5c4da5","#206C77",{"id":634,"color":635,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"d3df56ec-b84d-418c-9dfb-b3280239d761","#3F364C",{"id":637,"color":638,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"6713ab99-7a97-4a54-8b74-dd75a8eacf13","#2E2836",{"id":640,"color":493,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"311b81df-f837-43bd-9bf5-d7a92673b2a3",{"id":642,"color":643,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"90c10b99-a0e6-42f1-80b5-fff6aa7fa7ab","#ED62BE",[],{"id":646,"slug":647,"label":648,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":649,"sections":698},"d25a1b7b-3d77-4e10-ba56-e6b3b89bbabf","mitigation-measures-security-of-personal-data","Mitigation measures: security of personal data",[650,659,662,680],{"id":651,"slug":652,"label":653,"tooltipHtml":9,"descriptionHtml":534,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":535,"typeIndex":536,"typeColor":9,"typeIcon":9,"typeText":537,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":654,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"00fbbf81-1f1f-4d90-bf7b-4cb5c69e5640","recommended-mitigation-measures-for-the-risk-insufficient-data-protection","Recommended mitigation measures for the risk: insufficient data protection",[655],{"id":656,"color":657,"rangeValue":9,"label":658,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"5faa4e45-54c6-4a41-b676-e69e24b65ff1","#C5FD38","Les API sont mises en œuvre de manière sécurisée (utiliser des passerelles API avec limitation du débit et capacités de surveillance pour contrôler et suivre l’accès).,La transmission des données est protégée par des protocoles de chiffrement appropriés et les données au repos sont également chiffrées.,Un mécanisme de contrôle d’accès adéquat est en place.,Des mesures d’anonymisation et de pseudonymisation des données personnelles sont mises en œuvre, ainsi que des techniques de masquage ou l’utilisation de données synthétiques.,Des mesures techniques et organisationnelles supplémentaires (TOMs) sont appliquées pour renforcer la sécurité.,Une approche Defense in Depth peut être mise en œuvre en combinant plusieurs mesures de mitigation pour éviter les points de défaillance uniques.,Pour réduire le risque de mémorisation, appliquer des techniques de confidentialité différentielle pour empêcher l’encodage de données sensibles et tester régulièrement la régurgitation de données. L’utilisation de modèles plus petits peut aussi limiter l’effet de mémorisation des modèles surparamétrés.,Des mesures doivent être prévues pour protéger contre les menaces internes, atténuer les risques liés à la chaîne d’approvisionnement pouvant donner accès aux données d’entraînement et/ou aux clés de chiffrement, ainsi que pour prévenir les risques associés aux menaces spécifiques des LLM, telles que l’inférence de membres, l’inversion de modèle et les attaques par empoisonnement.,Des journaux d’accès et de modification doivent être établis pour documenter l’accès et les changements aux enregistrements numérisés. Les employés et utilisateurs doivent être formés aux bonnes pratiques de sécurité.,Les systèmes RAG efficaces nécessitent un alignement précis du modèle pour éviter tout accès non autorisé et toute exposition de données sensibles.,L’intégration avec plusieurs sources de données exige des mesures de sécurité robustes pour garantir la confidentialité et l’intégrité des données, tout en respectant les principes de protection des données tels que la nécessité et la proportionnalité.,Pour les modèles RAG externalisés impliquant le transfert de données personnelles, la conformité aux règles de transfert de données du RGPD est cruciale pour maintenir la confidentialité et respecter les obligations légales.",{"id":660,"slug":661,"label":604,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":605,"typeIndex":260,"typeColor":9,"typeIcon":9,"typeText":606,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"d5d4e966-3f84-498d-92c9-130b2bf233f5","221-provide-details-on-the-action-plan-you-intend-to-implement",{"id":663,"slug":664,"label":610,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":665,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"50e427d9-5f43-4db2-81fd-853c20862a36","222-how-do-you-assess-the-severity-of-the-risk-particularly-in-light-of-potential-i",[666,669,672,674,677],{"id":667,"color":668,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"a9400a23-6da7-4579-8c83-d90ce334da2d","#3F949E",{"id":670,"color":671,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"f5099aaf-b4c4-4668-ac4e-f0ce1a5f2ada","#34FE56",{"id":673,"color":269,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"89eda261-e545-4f87-8df9-81f1965c8827",{"id":675,"color":676,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"1dfa95eb-8fae-48fb-9d61-2c77dda15b66","#53431C",{"id":678,"color":679,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"49225fee-52d6-40af-aab3-c1d4cb49a29d","#ADA564",{"id":681,"slug":682,"label":628,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":683,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"e8d20ca9-5cb2-45b3-9ff8-0be4a901e1be","223-how-do-you-assess-the-likelihood-of-the-risk-particularly-in-view-of-threats-so",[684,687,690,693,696],{"id":685,"color":686,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"f3b651f0-c5af-44d7-8843-ff4c99eb5875","#D33716",{"id":688,"color":689,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"e2698ccb-3eec-4f4a-9aa0-87cde3518447","#8DA270",{"id":691,"color":692,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"aa420f30-af2d-46e8-a54f-c430805b731f","#608397",{"id":694,"color":695,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"629f740e-d27b-49df-a339-c96b937da26b","#EA85E7",{"id":697,"color":499,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"98af5320-13d6-408b-b0cc-33f1ec3ac281",[],{"id":700,"slug":701,"label":702,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":703,"sections":839},"0951db7d-4ca2-4665-9e85-7bec9e4ae475","mitigation-measures-data-subjects-rights","Mitigation measures: data subjects’ rights",[704,754,781,803,806,823],{"id":705,"slug":706,"label":707,"tooltipHtml":9,"descriptionHtml":534,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":535,"typeIndex":536,"typeColor":9,"typeIcon":9,"typeText":537,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":708,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"05ab35a6-a768-4431-99e0-411d7d48d581","security-measure-absence-of-human-intervention","Security measure: absence of human intervention",[709,713,716,719,723,727,731,735,738,742,746,750],{"id":710,"color":711,"rangeValue":9,"label":712,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"34b46a97-c937-4cac-8682-da269f9b8f52","#56DB2F","APIs are implemented securely (using API gateways with rate limiting and monitoring capabilities to control and track access).",{"id":714,"color":632,"rangeValue":9,"label":715,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"04c02e56-68f4-417f-bcbb-5c59d80dfa5a","Data transmission is protected by appropriate encryption protocols, and data at rest are also encrypted.",{"id":717,"color":120,"rangeValue":9,"label":718,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"dd999d82-a9fc-4091-a503-dc1bc4f9472f","An appropriate access control mechanism is in place.",{"id":720,"color":721,"rangeValue":9,"label":722,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"ad01e6c5-cc77-496e-bd1d-8baa68bc778f","#DC57B9","Anonymization and pseudonymization measures are implemented for personal data, along with masking techniques or the use of synthetic data.",{"id":724,"color":725,"rangeValue":9,"label":726,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"8b0ad58e-c033-41f8-828a-c89b32e3afc8","#A05366","Additional technical and organizational measures (TOMs) are applied to strengthen security.",{"id":728,"color":729,"rangeValue":9,"label":730,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"46818d70-5664-4259-b182-8d7bb1d20f06","#A6287B","A Defense in Depth approach can be implemented by combining multiple mitigation measures to avoid single points of failure.",{"id":732,"color":733,"rangeValue":9,"label":734,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"a25617ac-22e2-4f57-ac05-1702d43bb5c1","#80CC14","To reduce the risk of memorization, apply differential privacy techniques to prevent the encoding of sensitive data and regularly test for data regurgitation. Using smaller models can also help limit the memorization effects of overparameterized models.",{"id":736,"color":721,"rangeValue":9,"label":737,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"37291629-7807-447f-b03b-8439d8d8fbd8","Measures must be implemented to protect against insider threats, mitigate supply chain risks that could expose training data and/or encryption keys, and prevent risks associated with LLM-specific threats such as membership inference, model inversion, and poisoning attacks.",{"id":739,"color":740,"rangeValue":9,"label":741,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"e1a6dddc-2dd3-4ee1-be2e-81fe891fac6e","#31865C","Access and modification logs must be established to document access to and changes in digital records. Employees and users must be trained in good security practices.",{"id":743,"color":744,"rangeValue":9,"label":745,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"cec91978-345b-43f0-a898-08064d43f993","#3C0A98","Effective RAG systems require precise model alignment to prevent unauthorized access and exposure of sensitive data.",{"id":747,"color":748,"rangeValue":9,"label":749,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c6d63dea-20ea-4d87-9971-754a06d0bfc9","#BE5EBE","Integration with multiple data sources requires robust security measures to ensure confidentiality and data integrity while respecting data protection principles such as necessity and proportionality.",{"id":751,"color":752,"rangeValue":9,"label":753,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c59a29a0-62e1-4c4e-a5e4-7f06a22dfaaa","#58D094","For outsourced RAG models involving personal data transfers, compliance with GDPR data transfer rules is essential to maintain confidentiality and meet legal obligations.",{"id":755,"slug":756,"label":757,"tooltipHtml":9,"descriptionHtml":534,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":535,"typeIndex":536,"typeColor":9,"typeIcon":9,"typeText":537,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":758,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"0aaa441d-e497-4629-af75-9c7423421ee1","security-measure-no-human-intervention-for-significant-processing","Security measure: no human intervention for significant processing",[759,763,766,769,773,777],{"id":760,"color":761,"rangeValue":9,"label":762,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"fd891774-adda-4d7c-9b14-979b1203190d","#4CDFB3","Integrate human oversight into decision-making processes when the outputs of LLMs may have legal or significant consequences for individuals. This includes ensuring that automated decisions are reviewed by qualified personnel capable of assessing the accuracy, fairness, and relevance of the results.",{"id":764,"color":599,"rangeValue":9,"label":765,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"e933cceb-a73d-408d-a863-a9ea8f461c80","Establish clear escalation procedures for cases where automated results appear ambiguous, erroneous, or potentially harmful.",{"id":767,"color":229,"rangeValue":9,"label":768,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"75c625f1-79dc-4355-bfbd-26b9b87be8fd","Design systems to flag high-risk outcomes and require human intervention before any action is taken.",{"id":770,"color":771,"rangeValue":9,"label":772,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"6e35c790-3d48-407b-8ff5-5ba3c46a181c","#F035CB","Implement transparency mechanisms to inform data subjects about the use of LLMs, the model’s capabilities and limitations, the processing of personal data through the model, and their right to contest decisions or request human review.",{"id":774,"color":775,"rangeValue":9,"label":776,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"5a045680-bcfd-4786-831d-c988c1d40bb8","#157DFC","Provide regular training for personnel responsible for oversight to strengthen compliance and accountability.",{"id":778,"color":779,"rangeValue":9,"label":780,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"a3edcc57-9edf-45e0-8863-c17f744fab4b","#4982A3","Apply the Article 29 Working Party (WP29) Guidelines on Automated Individual Decision-Making and Profiling under Regulation 2016/679, as revised and adopted on 6 February 2018, and endorsed by the EDPB on 25 May 2018. Also refer to the CJEU judgment of 7 December 2023, Case C-634/21, SCHUFA Holding and Others (ECLI:EU:C:2023:957).",{"id":782,"slug":783,"label":784,"tooltipHtml":9,"descriptionHtml":534,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":535,"typeIndex":536,"typeColor":9,"typeIcon":9,"typeText":537,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":785,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"096d57ed-cab2-42e4-af1a-9bf78f903cc2","security-measure-refusal-to-grant-data-subjects-their-rights","Security measure: refusal to grant data subjects their rights",[786,790,793,796,799],{"id":787,"color":788,"rangeValue":9,"label":789,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c4f40818-9740-4d7c-8ac9-c19559c71800","#77B947","The right to object under Article 21 of the GDPR applies when the legal basis is legitimate interest and must be ensured. In such cases, providers must implement mechanisms to enable the exercise of this right.",{"id":791,"color":711,"rangeValue":9,"label":792,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"f19a3803-08b7-48c1-a422-ceb00579e1d8","To mitigate non-compliance with the GDPR regarding the rights to rectification and erasure, explore machine unlearning techniques, which aim to remove the influence of specific data from a trained model upon request, addressing issues related to data use, low-quality inputs, or outdated information.",{"id":794,"color":133,"rangeValue":9,"label":795,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"ce7ebf0d-1b0e-4a07-b21c-7ee059c9710a","Implement mechanisms for deleting personal data (e.g., names), ensuring their complete removal independently of context across the dataset. This approach may result in deleting the name for all individuals sharing the same identifier, regardless of context.",{"id":797,"color":333,"rangeValue":9,"label":798,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"685fc5b0-48b0-4402-b7d0-cb5f7be0bc94","Regarding Article 21 of the GDPR, it is crucial to establish mechanisms to respond to objections to processing based on legitimate interest.",{"id":800,"color":801,"rangeValue":9,"label":802,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"d40da738-d52c-45e0-bd30-8a8a57a1a5b4","#DFB809","For erasure requests under Article 17 of the GDPR, assess whether personal data can be identified or derived from the AI model and implement technical deletion where possible, including through post-training adjustments.",{"id":804,"slug":805,"label":604,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":605,"typeIndex":260,"typeColor":9,"typeIcon":9,"typeText":606,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"58b44618-a7c1-4ade-a8a7-01e4f60a88f1","331-provide-details-on-the-action-plan-you-intend-to-implement",{"id":807,"slug":808,"label":610,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":809,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"9103d8b4-7549-41ef-a948-89f140139a5b","332-how-do-you-assess-the-severity-of-the-risk-particularly-in-light-of-potential-i",[810,812,814,817,820],{"id":811,"color":293,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"d8c46c29-fe20-49d9-961c-5568d9bdbc01",{"id":813,"color":515,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"bf0bc367-fb8e-4d87-af8c-178745292e16",{"id":815,"color":816,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"a9eb0993-0085-4e19-89ff-b5ba3d7cca1b","#78BE40",{"id":818,"color":819,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"dac89a92-a1c1-44d8-8f3c-d70b218e9c8f","#B62770",{"id":821,"color":822,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"30bb292f-82f6-45ab-9a7a-375d8a46e723","#197BBD",{"id":824,"slug":825,"label":628,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":826,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"739650b6-0074-4da0-9313-a79451b07c85","333-how-do-you-assess-the-likelihood-of-the-risk-particularly-in-view-of-threats-so",[827,830,832,834,837],{"id":828,"color":829,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"9a7fd5b0-20eb-47fb-8fea-b99a83e46f2f","#D96CD6",{"id":831,"color":775,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"1011b6fe-4e64-4f56-8b00-89c307c20d38",{"id":833,"color":668,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"0873407f-61d6-495e-96fd-8147b9f34e80",{"id":835,"color":836,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"4a03e2a5-e560-408e-9f19-d3f50b57ee86","#1D233C",{"id":838,"color":541,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"6315f8f9-954b-4f61-9b18-6294e92bce7a",[],{"id":841,"slug":842,"label":843,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":844,"sections":978},"3e4313f2-97cf-4bc9-9e7f-f1710b5c126d","mitigation-measures-quality-and-lawfulness-of-training-data","Mitigation measures: quality and lawfulness of training data",[845,870,923,942,945,963],{"id":846,"slug":847,"label":848,"tooltipHtml":9,"descriptionHtml":534,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":535,"typeIndex":536,"typeColor":9,"typeIcon":9,"typeText":537,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":849,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"41728d72-9237-4f1a-822f-8bde26ade159","security-measure-incorrect-classification-of-training-data","Security measure: incorrect classification of training data",[850,854,858,862,866],{"id":851,"color":852,"rangeValue":9,"label":853,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"69582765-959a-4dd3-83e6-d2af634ad0a3","#B21A40","Implement robust testing and validation processes to ensure that personal data associated with training data cannot be extracted from the model by reasonable means and that model outputs do not allow linking or identifying individuals whose data were used during training.",{"id":855,"color":856,"rangeValue":9,"label":857,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"5db20dda-189d-42fa-9cf6-083256911c29","#A07C40","This assessment must be carried out taking into account “all means reasonably likely to be used.”",{"id":859,"color":860,"rangeValue":9,"label":861,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c14c7820-4a39-4afe-8018-bffe90f14bfe","#52F643","Implement alternative approaches to anonymization if they provide an equivalent level of protection while ensuring compliance with the state of the art.",{"id":863,"color":864,"rangeValue":9,"label":865,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"7beaa021-0ea0-43e1-a2e5-30d1090abd28","#5B064C","Conduct structured tests against the most recent attacks, such as attribute inference, membership inference, exfiltration, training data regurgitation, model inversion, or reconstruction attacks.",{"id":867,"color":868,"rangeValue":9,"label":869,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"3b1892f9-feea-4eef-a9c4-25547d0826ac","#8438C4","Document and retain evidence demonstrating compliance with these protection measures, in accordance with the accountability obligations set out in Article 5(2) of the GDPR.",{"id":871,"slug":872,"label":873,"tooltipHtml":9,"descriptionHtml":534,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":535,"typeIndex":536,"typeColor":9,"typeIcon":9,"typeText":537,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":874,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"5265c53e-c0c3-4b29-9011-feec58f88faf","security-measure-unlawful-processing-of-training-data","Security measure: unlawful processing of training data",[875,879,883,886,890,894,898,902,905,909,913,916,920],{"id":876,"color":877,"rangeValue":9,"label":878,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"6942a9bb-f19e-4301-b8a5-37c92de847ba","#888919","Document all training data sources (e.g., book databases, websites) to ensure accountability in accordance with Article 5(2) of the GDPR.",{"id":880,"color":881,"rangeValue":9,"label":882,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"80d04d8d-6d18-4163-a578-171d5f2f4178","#7B1AA8","Review training data to detect potential statistical distortions or biases and perform necessary adjustments.",{"id":884,"color":339,"rangeValue":9,"label":885,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"8d86e4f8-8a99-4403-9172-52e20ec73b69","Exclude any unauthorized content from training data, such as misinformation, hate speech, or conspiracy theories.",{"id":887,"color":888,"rangeValue":9,"label":889,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"1af447a6-e2b5-4a6d-8f20-55fa9d8c9674","#886121","Exclude content from publications likely to contain personal data that may pose risks to individuals or groups, especially those vulnerable to abuse, prejudice, or harm.",{"id":891,"color":892,"rangeValue":9,"label":893,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"b2befc63-7d6f-4dfa-9abf-fa18e2af07bb","#9B2908","Remove unnecessary personal data (e.g., credit card numbers, email addresses, names) from training datasets.",{"id":895,"color":896,"rangeValue":9,"label":897,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"d7e0022f-6cda-444e-b238-f977d3b60b61","#08F996","Adopt methodological choices that significantly reduce or eliminate identifiability, such as using regularization methods to improve model generalization and minimize overfitting.",{"id":899,"color":900,"rangeValue":9,"label":901,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"64205fbe-74d8-4d2a-96e2-6da03278dc83","#99C691","Implement robust privacy-preserving techniques, such as differential privacy.",{"id":903,"color":864,"rangeValue":9,"label":904,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"51062698-43ba-40b5-91d6-828aa50be425","Ensure compliance with Article 6(1)(f) of the GDPR by conducting a thorough legal assessment.",{"id":906,"color":907,"rangeValue":9,"label":908,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c8d78bd7-4742-4148-9b9e-8b14ce827c7f","#F912EE","Involve the DPO in the balancing test where applicable.",{"id":910,"color":911,"rangeValue":9,"label":912,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"ec74851f-d50f-4db5-beaf-be579c8a8ab7","#968006","For web scraping, assess whether the exemption provided in Article 14(5)(b) of the GDPR applies, ensuring that all conditions are met to justify the lack of individual notice to each data subject.",{"id":914,"color":668,"rangeValue":9,"label":915,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"6a5bfef1-1aa5-424b-be4a-32c7cdecdfca","Provide publicly available and easily accessible information going beyond the GDPR requirements of Articles 13 and 14, including details on collection criteria and datasets used, with particular attention to the protection of children and vulnerable persons.",{"id":917,"color":918,"rangeValue":9,"label":919,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c222da81-555e-4f85-ba2e-4d900164e455","#4D7C0A","Use innovative approaches to inform data subjects, such as media campaigns, email notifications, visualizations, FAQs, transparency labels, model cards, or voluntary transparency reports.",{"id":921,"color":358,"rangeValue":9,"label":922,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"185e1765-4d04-43c6-8c4d-f9087b62df32","Establish an opt-out list managed by the data controller, allowing data subjects to object to the collection of their data from certain websites or sources.",{"id":924,"slug":925,"label":926,"tooltipHtml":9,"descriptionHtml":534,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":535,"typeIndex":536,"typeColor":9,"typeIcon":9,"typeText":537,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":927,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"4148d15c-cad5-47b9-8769-d3450b4c7915","security-measure-unlawful-processing-of-sensitive-or-criminal-data","Security measure: unlawful processing of sensitive or criminal data",[928,932,936,939],{"id":929,"color":930,"rangeValue":9,"label":931,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"9c671f23-f576-4b98-8fa7-a626b52db8ab","#1C8458","For the lawful processing of special categories of personal data, ensure that an exception provided under Article 9(2) of the GDPR applies.",{"id":933,"color":934,"rangeValue":9,"label":935,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"1136668e-a95a-4a3f-a4ce-53c3b13cd583","#FC9E2D","When relying on Article 9(2)(e), verify that the data subject has made their data public explicitly and intentionally, through a clear affirmative action. The mere fact that personal data are publicly accessible is not sufficient to demonstrate that the person has manifestly made them public.",{"id":937,"color":358,"rangeValue":9,"label":938,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"6dd91a6d-cab3-4a30-b1af-a6d1ce84fe4d","Given the difficulty of assessing each case individually in large-scale web scraping, implement filtering measures to exclude data falling under Article 9(1) of the GDPR, both at the time of collection and immediately afterward.",{"id":940,"color":277,"rangeValue":9,"label":941,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"8d75a0db-3ac2-47fe-bea0-773b2250c444","Maintain thorough documentation and evidence demonstrating the implementation of these measures, to comply with the accountability obligations set out in Articles 5(2) and 24 of the GDPR.",{"id":943,"slug":944,"label":604,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":605,"typeIndex":260,"typeColor":9,"typeIcon":9,"typeText":606,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"78b1c916-0d0b-4d19-98d6-5e805b7dbb45","441-provide-details-on-the-action-plan-you-intend-to-implement",{"id":946,"slug":947,"label":610,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":948,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"312b6abf-2ea1-4768-8f24-a74e31016d2f","442-how-do-you-assess-the-severity-of-the-risk-particularly-in-light-of-potential-i",[949,951,954,957,960],{"id":950,"color":284,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"e3b0a33a-bb2e-4f91-a78e-d30459a13054",{"id":952,"color":953,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"cc3537fa-ed6e-415e-a24c-969cdf7a4c01","#D884BF",{"id":955,"color":956,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"86a38764-606b-4024-8a76-57492e86c8ec","#11CC54",{"id":958,"color":959,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"b6ecb05b-cc60-4880-a9e6-751eebd93825","#431635",{"id":961,"color":962,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"653d3cbe-31d6-4d82-8617-e36ba1733142","#41BBEB",{"id":964,"slug":965,"label":628,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":966,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"91abedaf-b0fe-4294-8bbd-34b7dc87c6d6","443-how-do-you-assess-the-likelihood-of-the-risk-particularly-in-view-of-threats-so",[967,969,971,973,976],{"id":968,"color":761,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"57a0fdbb-2f7d-416e-ac11-5706d311fafb",{"id":970,"color":229,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"73fe2579-2dbb-4f1a-af88-63db954e43b1",{"id":972,"color":445,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"facc0a77-ed0e-49f2-b3fa-379c6fdd28e6",{"id":974,"color":975,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"b19f21ab-083a-4266-8745-1b56f399cc42","#D1349D",{"id":977,"color":892,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"4daefc85-3b1c-4a85-8feb-f2c234c1b8af",[],{"id":980,"slug":981,"label":982,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":983,"sections":1043},"85f4ad77-8bb5-4247-be05-7921a6d5ded9","mitigation-measures-unlawful-and-unsecured-data-transfer","Mitigation measures: unlawful and unsecured data transfer",[984,1005,1008,1025],{"id":985,"slug":986,"label":987,"tooltipHtml":9,"descriptionHtml":534,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":535,"typeIndex":536,"typeColor":9,"typeIcon":9,"typeText":537,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":988,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"a847f668-ca91-4f16-a33d-a28d5cfca4aa","security-measure-unlawful-transfer-of-personal-data","Security measure: unlawful transfer of personal data",[989,993,997,1001],{"id":990,"color":991,"rangeValue":9,"label":992,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"89a4528f-bef5-4926-a06e-0a7bf40f5f26","#A2542F","As a user, deployer, or purchasing entity, verify with the provider where data processing takes place.",{"id":994,"color":995,"rangeValue":9,"label":996,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"1ad1a326-824d-4c5c-8a01-0748e93839dc","#1F039A","Carry out the necessary due diligence regarding safeguards and, if required, conduct a Data Transfer Impact Assessment (DTIA).",{"id":998,"color":999,"rangeValue":9,"label":1000,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"4b0fee6b-e31d-48f4-9098-d154449bfee6","#D208A2","Enter into the appropriate contractual agreements.",{"id":1002,"color":1003,"rangeValue":9,"label":1004,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"2d875134-dae4-485c-b65f-02743c40882a","#F08D35","Take this risk into account when choosing between different providers.",{"id":1006,"slug":1007,"label":604,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":605,"typeIndex":260,"typeColor":9,"typeIcon":9,"typeText":606,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"675046aa-f348-4a65-a240-e06cdc29a819","provide-details-on-the-action-plan-you-intend-to-implement",{"id":1009,"slug":1010,"label":610,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":1011,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"25df5f29-6a15-4593-89ef-a6e16634525e","how-do-you-assess-the-severity-of-the-risk-particularly-in-light-of-potential-i",[1012,1015,1017,1020,1022],{"id":1013,"color":1014,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"559775ea-5061-48d2-a052-daf2bb6af64b","#9AA17B",{"id":1016,"color":273,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"b772f56f-4c5d-432d-82eb-481c3a9e9684",{"id":1018,"color":1019,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c1af6325-962f-4107-bbbb-06a7765a4e72","#6F5E44",{"id":1021,"color":415,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"740975f6-5400-4a4e-a4ea-fd5a9fa1c8f9",{"id":1023,"color":1024,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"402177af-a0cc-46d3-b48a-7107ab212a7c","#173C12",{"id":1026,"slug":1027,"label":628,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":1028,"listQuestions":9,"required":23,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"8d61542c-8dd9-40d5-8427-581be6b8de34","how-do-you-assess-the-likelihood-of-the-risk-particularly-in-view-of-threats-so",[1029,1031,1034,1037,1040],{"id":1030,"color":389,"rangeValue":9,"label":270,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"f00a9161-d748-4693-8538-4b2d16bbac27",{"id":1032,"color":1033,"rangeValue":9,"label":274,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"c7ad8211-dbe5-4e2b-a72d-5a7d5abbcb1a","#4085FC",{"id":1035,"color":1036,"rangeValue":9,"label":230,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"cba48581-a7e7-48cf-aaf4-0ef976378c6b","#CB100E",{"id":1038,"color":1039,"rangeValue":9,"label":281,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"cc525cb2-ec08-4b04-a09a-3fe4af17613f","#B3D8E2",{"id":1041,"color":1042,"rangeValue":9,"label":285,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"99bea191-7158-4c98-941c-b357bbbe0dbe","#B454B6",[],{"id":1045,"slug":1046,"label":1047,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":1048,"sections":1063},"3d84c7bb-a6b5-49b2-83e2-013d04cf72d8","opinion-of-data-subjects","Opinion of data subjects",[1049,1059],{"id":1050,"slug":1051,"label":1052,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":1053,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"f9077d4e-4f15-47ba-82b5-5af5aadc8c60","have-you-received-the-opinion-of-data-subjects-or-their-representatives","Have you received the opinion of data subjects or their representatives?",[1054,1057],{"id":1055,"color":1056,"rangeValue":9,"label":45,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"7a45ff92-4e05-4bf9-b5d9-4a686607d535","#04857E",{"id":1058,"color":515,"rangeValue":9,"label":49,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"ee2cb02a-7d8b-4807-ac98-cf748ecca21a",{"id":1060,"slug":1061,"label":1062,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":605,"typeIndex":260,"typeColor":9,"typeIcon":9,"typeText":606,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"10bce1ea-aea1-43db-b069-baf0de88eab5","51-indicate-the-opinion-here","Indicate the opinion here",[],{"id":1065,"slug":1066,"label":1067,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":1068,"sections":1082},"68e7d45f-289e-4ca4-aded-fb0ea7cf8065","opinion-of-the-dpo","Opinion of the DPO",[1069,1079],{"id":1070,"slug":1071,"label":1072,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":1073,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"244bf8d2-a914-4154-bfd9-9d577162d618","have-you-obtained-the-dpos-opinion","Have you obtained the DPO’s opinion?",[1074,1076],{"id":1075,"color":361,"rangeValue":9,"label":45,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"8d049d26-f14a-4280-90d3-709c8e305f45",{"id":1077,"color":1078,"rangeValue":9,"label":49,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"403ada39-e45a-4379-951b-9e184761654b","#63D623",{"id":1080,"slug":1081,"label":1062,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":605,"typeIndex":260,"typeColor":9,"typeIcon":9,"typeText":606,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"7b242209-b6b7-4947-85c8-3b264d5b5a6d","indicate-the-opinion-here",[],{"id":1084,"slug":1085,"label":1086,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":1087,"sections":1112},"36e1436b-1c42-4447-b9cf-1438fc7ddeb8","validation","Validation",[1088,1104],{"id":1089,"slug":1090,"label":1091,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":39,"typeColor":9,"typeIcon":9,"typeText":40,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":1092,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"e3d2594b-4e0b-41aa-924a-c827f6a6d8ae","the-validation-by-the-data-controller-is-formalized","The validation by the data controller is formalized.",[1093,1097,1101],{"id":1094,"color":1095,"rangeValue":9,"label":1096,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"ce235c0e-aba4-4ada-bfa1-9c8992936bd6","#D09023","Yes, the assessment is validated and risks are accepted",{"id":1098,"color":1099,"rangeValue":9,"label":1100,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"fc9b1a8a-d217-413f-a1e0-88c9025a53a2","#A9C3FD","No, the assessment is not validated",{"id":1102,"color":352,"rangeValue":9,"label":1103,"slug":9,"description":9,"score":9,"nonApplicable":22,"tooltip":9,"goodAnswer":22,"redFlag":22,"impact":9,"probability":9,"taskSuggestions":9},"582dbb6f-83a5-4733-b048-a6947acce4d8","In progress",{"id":1105,"slug":1106,"label":1107,"tooltipHtml":9,"descriptionHtml":1108,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":1109,"typeIndex":1110,"typeColor":9,"typeIcon":9,"typeText":1111,"dynamicSelectType":9,"editableOptions":22,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":22,"requiredJustification":22,"suggestTask":22,"riskEnabled":23,"native":22},"54f8a051-ddf7-4dc0-b4a0-0c9c351a3e76","attach-the-signed-analysis","Attach the signed analysis","\u003Cp>The assessment must be signed by the data controller. In this case, it will be the organization’s legal representative or their authorized delegate.\u003C/p>","Attachments",12,"Files (attachments drop)",[],[],"68e77ec3-2e3a-455c-a0a0-99cc73733481","1.0","DPIA Template for AI Systems – GDPR and EU AI Act Compliance","751f3010-7f91-402a-e45e-08de1d1b58a4","https://static.dastra.eu/tenant-3/audit/T1Pt7wXET3dcoi/chatgpt-image-7-nov-2025-102456-150.png","Ensuring GDPR & EU AI Act Compliance\n\nThis DPIA template is designed to assess and document how an AI system processes personal data in a lawful, fair, and transparent manner.\nIt identifies potential privacy risks across the entire data lifecycle — from collection and training to inference and retention — and defines mitigation strategies to ensure compliance with GDPR and the EU AI Act.\n\nThrough this assessment, organizations can demonstrate accountability, strengthen data governance, and ensure the protection of individuals’ rights and freedoms.","2025-11-07T09:25:41.3334319","2025-11-07T09:25:52.3740978","PIA","Privacy impact assessment (DPIA)",{"id":1125,"displayName":1126,"familyName":1127,"givenName":1128,"email":1129,"active":23,"color":900,"avatarUrl":1130,"tenantId":11},31,"Jérôme de Mercey","de Mercey","Jérôme","jerome.demercey@dastra.eu","https://static.dastra.eu/tenant-10/avatar/31/Zuh7XFZe5EnnTo/design-sans-titre-2-150.png","AiSystem",9,"#FF2FDA","ds-icon-ai-usage","AI system",[],[1138,1146],{"id":1139,"label":1140,"type":1141,"typeIndex":1132,"typeColor":1142,"typeIcon":1143,"typeText":1144,"color":1145},"8522aba8-44be-49ba-92d6-c83a9655d2ce","AI","AuditTemplate","#83d162","ds-icon-audit","Questionnaire template","#5AADAA",{"id":1147,"label":1122,"type":1141,"typeIndex":1132,"typeColor":1142,"typeIcon":1143,"typeText":1144,"color":1148},"ff1dbf03-7561-4b63-996b-e899af94bb9a","#C75FFC",90,20]