[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6N4zyT2euqerahSmj-xxO5DDzy7KlH9FbG-68L124HY":3},{"sections":4,"resultAnalysis":813,"id":839,"version":840,"newVersion":32,"label":841,"isPinned":32,"isShared":32,"sharingToken":9,"isRevision":32,"isBlockAnalysisShared":32,"nbReferences":351,"referenceId":9,"nbResponses":21,"parentId":9,"revisionDescription":9,"logoUrl":9,"description":842,"scheduleIntervalDays":9,"versionNumber":11,"dateCreation":843,"dateUpdate":844,"dateArchived":845,"archived":33,"type":846,"typeIndex":351,"typeColor":9,"typeIcon":9,"typeText":847,"creator":848,"objectType":9,"defaultOwners":856,"tags":857,"privacyHubs":9,"nbQuestions":858,"nbQuestionsRequired":859,"nbDatas":21,"deadLineDays":9},[5,216,379,593,632,724,763],{"id":6,"slug":7,"label":8,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":13,"questions":14,"sections":15},"3a7e57ba-0466-43c3-b9a5-d5f988486176","overview","Overview of the Processing",null,"Chapter",1,"SectionType_Chapter","\u003Cp>General overview of the processing activity subject to the DPIA: controller identity, processors involved, name and planning of the processing, and DPIA administrative information.\u003C/p>",[],[16,49,60,74,89],{"id":17,"slug":18,"label":19,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":23,"questions":24,"sections":48},"f4c3e1be-d56a-4a1c-a687-1beefeb77189","controller","0.1 Controller(s)","Default",0,"SectionType_Default","\u003Cp>\u003Cem>Note: If there are joint controllers, complete one entry per controller and identify their respective obligations and 
tasks.\u003C/em>\u003C/p>",[25,34,40,44],{"id":26,"slug":27,"label":28,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":29,"min":9,"max":9,"regex":9,"unit":9,"type":30,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"00000000-0000-0000-0000-000000000000","controller-name","Controller – name and contact details","Full legal name and contact details of the controller","ShortText","Short text",false,true,{"id":26,"slug":35,"label":36,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":37,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"controller-management-units","Management units responsible for the processing inside the organisation","Identify the internal departments or business units responsible for this processing","LongText","Long text",{"id":26,"slug":41,"label":42,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":43,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"controller-establishment","Main establishment / point of contact or EU representative","Main establishment address or EU representative contact 
details",{"id":26,"slug":45,"label":46,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":47,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"controller-dpo","Information about the DPO or similar function, if applicable","Name, contact details and role of the DPO or equivalent function",[],{"id":50,"slug":51,"label":52,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":53,"sections":59},"8f27d6d2-1dc6-4f3d-9369-c51aa3e4fd95","processors","0.2 Processor(s) and Sub-processor(s)",[54],{"id":26,"slug":55,"label":56,"tooltipHtml":9,"descriptionHtml":57,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":58,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"processors-list","List of processors and sub-processors, with their obligations and tasks","\u003Cp>For each processor/sub-processor, provide their name and describe their obligations and tasks.\u003C/p>","Processor 1: [Name] – Obligations and tasks: [...]\nProcessor 2: [Name] – Obligations and tasks: [...]",[],{"id":61,"slug":62,"label":63,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":64,"sections":73},"54112eca-7ade-4735-909f-cc47ca85fc3e","processing-name","0.3 Name of the 
Processing",[65,69],{"id":26,"slug":66,"label":67,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":68,"min":9,"max":9,"regex":9,"unit":9,"type":30,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"processing-internal-name","Internal name of the processing (as recorded in the record of processing activities)","Official name of the processing activity",{"id":26,"slug":70,"label":71,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":72,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"processing-version-history","Current version and version history of the processing","Explain the history of changes made to the processing in the past, if any",[],{"id":75,"slug":76,"label":77,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":78,"sections":88},"887c166f-3954-4f8e-9bdb-2e715d044588","planning","0.4 Planning of the Processing",[79,84],{"id":26,"slug":80,"label":81,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":82,"typeIndex":83,"typeColor":9,"typeIcon":9,"typeText":82,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"planning-launch-date","Estimated launch 
date","Date",3,{"id":26,"slug":85,"label":86,"tooltipHtml":9,"descriptionHtml":87,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":82,"typeIndex":83,"typeColor":9,"typeIcon":9,"typeText":82,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"planning-end-date","Estimated end date or expiration conditions","\u003Cp>Applicable if the processing is temporary or has a defined end date.\u003C/p>",[],{"id":90,"slug":91,"label":92,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":93,"sections":215},"9f8a260a-8d8a-48cf-aef0-c84ed077263c","dpia-technical-sheet","0.5 DPIA Technical Sheet",[94,98,102,106,165,169,180,184,187,191,207],{"id":26,"slug":95,"label":96,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":97,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpia-version-log","Current version and version log of this DPIA document","Describe the history of changes made to this DPIA document",{"id":26,"slug":99,"label":100,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":101,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpia-team","Team involved in conducting this DPIA","Name team members 
and describe their roles, tasks and responsibilities",{"id":26,"slug":103,"label":104,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":105,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpia-guidelines","Guidelines, standards, codes of conduct and reference materials used","List the guidelines, standards and reference documents relied upon",{"id":26,"slug":107,"label":108,"tooltipHtml":9,"descriptionHtml":109,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":110,"typeIndex":111,"typeColor":9,"typeIcon":9,"typeText":112,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":113,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpia-reasons","Reasons to conduct this DPIA","\u003Cp>Select all reasons that triggered the obligation or need to conduct this DPIA (Article 35 GDPR and EDPB guidance).\u003C/p>","Checkbox",8,"Multi choice list",[114,117,120,123,126,129,132,135,138,141,144,147,150,153,156,159,162],{"id":26,"color":9,"rangeValue":9,"label":115,"slug":116,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Systematic/extensive profiling or automated processing with legal or similarly significant effects (Art. 35(3)(a) GDPR)","reason-systematic-evaluation",{"id":26,"color":9,"rangeValue":9,"label":118,"slug":119,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Large-scale processing of special categories (Art. 
9) or criminal convictions data (Art. 10) – Art. 35(3)(b) GDPR","reason-special-categories",{"id":26,"color":9,"rangeValue":9,"label":121,"slug":122,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Systematic large-scale monitoring of a publicly accessible area – Art. 35(3)(c) GDPR","reason-systematic-monitoring",{"id":26,"color":9,"rangeValue":9,"label":124,"slug":125,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Evaluation or scoring / profiling of data subjects","reason-scoring-profiling",{"id":26,"color":9,"rangeValue":9,"label":127,"slug":128,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Automated decision-making with legal or similarly significant effect","reason-automated-decision",{"id":26,"color":9,"rangeValue":9,"label":130,"slug":131,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Sensitive data or data of a highly personal nature","reason-sensitive-data",{"id":26,"color":9,"rangeValue":9,"label":133,"slug":134,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Data processed on a large scale","reason-large-scale",{"id":26,"color":9,"rangeValue":9,"label":136,"slug":137,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Matching or combining datasets from different sources","reason-matching-datasets",{"id":26,"color":9,"rangeValue":9,"label":139,"slug":140,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Data concerning vulnerable data 
subjects","reason-vulnerable-subjects",{"id":26,"color":9,"rangeValue":9,"label":142,"slug":143,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Innovative use or new technological or organisational solutions","reason-innovative-use",{"id":26,"color":9,"rangeValue":9,"label":145,"slug":146,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Processing that prevents data subjects from exercising a right or using a service","reason-prevents-rights",{"id":26,"color":9,"rangeValue":9,"label":148,"slug":149,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Required by national law or supervisory authority list","reason-national-law",{"id":26,"color":9,"rangeValue":9,"label":151,"slug":152,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"DPO opinion or recommendation","reason-dpo-recommendation",{"id":26,"color":9,"rangeValue":9,"label":154,"slug":155,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Data subjects' (or their representatives') opinion or recommendation","reason-data-subjects-recommendation",{"id":26,"color":9,"rangeValue":9,"label":157,"slug":158,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Required by a code of conduct, standard or best practice","reason-code-of-conduct",{"id":26,"color":9,"rangeValue":9,"label":160,"slug":161,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Existing processing – data processing has 
changed","reason-existing-processing-change",{"id":26,"color":9,"rangeValue":9,"label":163,"slug":164,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Existing processing – organisational or societal context has changed","reason-context-change",{"id":26,"slug":166,"label":167,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":168,"min":9,"max":9,"regex":9,"unit":9,"type":30,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpia-reasons-other","Other reason to conduct this DPIA (if not listed above)","Specify any other applicable reason",{"id":26,"slug":170,"label":171,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":172,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":173,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpia-change-description","If the processing or context has changed, describe how","Describe the nature and scope of the 
change",{"id":26,"separator":174,"field":9,"operator":175,"value":9,"rules":176},"Or","equal",[177,179],{"id":26,"separator":9,"field":107,"operator":178,"value":161,"rules":9},"contains",{"id":26,"separator":9,"field":107,"operator":178,"value":164,"rules":9},{"id":26,"slug":181,"label":182,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":183,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpia-scope","Scope of this DPIA","Describe what has been considered in this DPIA and what has been left out, explaining why",{"id":26,"slug":185,"label":186,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":82,"typeIndex":83,"typeColor":9,"typeIcon":9,"typeText":82,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpia-completion-date","Completion date of this DPIA",{"id":26,"slug":188,"label":189,"tooltipHtml":9,"descriptionHtml":190,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":82,"typeIndex":83,"typeColor":9,"typeIcon":9,"typeText":82,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpia-validation-date","Formal validation date","\u003Cp>Date of approval of the DPIA as complete and finished by a responsible 
official.\u003C/p>",{"id":26,"slug":192,"label":193,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":194,"typeIndex":195,"typeColor":9,"typeIcon":9,"typeText":196,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":197,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpia-publication","Is this DPIA (or parts of it) intended to be published or shared externally?","Radio",7,"Unique choice list",[198,201,204],{"id":26,"color":9,"rangeValue":9,"label":199,"slug":200,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":33,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"No","publication-no",{"id":26,"color":9,"rangeValue":9,"label":202,"slug":203,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Yes – it will be published","publication-yes-published",{"id":26,"color":9,"rangeValue":9,"label":205,"slug":206,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Yes – it will be shared externally","publication-yes-shared",{"id":26,"slug":208,"label":209,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":210,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":211,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpia-publication-details","How will the DPIA be published or shared externally?","Describe the publication or external sharing 
method",{"id":26,"separator":174,"field":9,"operator":175,"value":9,"rules":212},[213,214],{"id":26,"separator":9,"field":192,"operator":175,"value":203,"rules":9},{"id":26,"separator":9,"field":192,"operator":175,"value":206,"rules":9},[],{"id":217,"slug":218,"label":219,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":220,"questions":221,"sections":222},"f08c7200-07dd-4527-b10c-96e9ae91b52a","systematic-description","Systematic Description of the Processing","\u003Cp>Comprehensive description of the processing activity covering the personal data processed, purposes, functional flows, technical means, and applicable codes of conduct.\u003C/p>",[],[223,339,354,365],{"id":224,"slug":225,"label":226,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":227,"sections":228},"af18d208-f0b5-462d-839f-1709af8285d1","high-level-description","1.1 High-level Description",[],[229,276,287,302],{"id":230,"slug":231,"label":232,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":233,"sections":275},"6a89b8e4-0b6d-45dc-9cf4-4844bbc8c08d","processed-personal-data","1.1.a Processed Personal Data",[234,239,245],{"id":26,"slug":235,"label":236,"tooltipHtml":9,"descriptionHtml":237,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":238,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"personal-data-list","List all personal data items or elements processed","\u003Cp>For each data item, specify: the data type, the data subject category, any additional details, and whether it constitutes special category data under Article 9 GDPR.\u003C/p>","Data item 1: [Name] – 
Type: [...] – Data subject category: [...] – Special category? Yes/No\nData item 2: ...",{"id":26,"slug":240,"label":241,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":242,"typeIndex":243,"typeColor":9,"typeIcon":9,"typeText":244,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"special-categories-involved","Does the processing involve special categories of personal data (Article 9 GDPR)?","Boolean",17,"Simple checkbox",{"id":26,"slug":246,"label":247,"tooltipHtml":9,"descriptionHtml":248,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":110,"typeIndex":111,"typeColor":9,"typeIcon":9,"typeText":112,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":249,"answers":250,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"special-categories-detail","Which special categories of personal data are processed?","\u003Cp>Select all applicable categories (Article 9(1) GDPR).\u003C/p>",{"id":26,"separator":9,"field":240,"operator":175,"value":33,"rules":9},[251,254,257,260,263,266,269,272],{"id":26,"color":9,"rangeValue":9,"label":252,"slug":253,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Data revealing racial or ethnic origin","sc-racial-ethnic",{"id":26,"color":9,"rangeValue":9,"label":255,"slug":256,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Data revealing political 
opinions","sc-political",{"id":26,"color":9,"rangeValue":9,"label":258,"slug":259,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Data revealing religious or philosophical beliefs","sc-religious",{"id":26,"color":9,"rangeValue":9,"label":261,"slug":262,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Data revealing trade union membership","sc-trade-union",{"id":26,"color":9,"rangeValue":9,"label":264,"slug":265,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Genetic data","sc-genetic",{"id":26,"color":9,"rangeValue":9,"label":267,"slug":268,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Biometric data for the purpose of uniquely identifying a natural person","sc-biometric",{"id":26,"color":9,"rangeValue":9,"label":270,"slug":271,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Data concerning health","sc-health",{"id":26,"color":9,"rangeValue":9,"label":273,"slug":274,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Data concerning a natural person's sex life or sexual orientation","sc-sexual",[],{"id":277,"slug":278,"label":279,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":280,"sections":286},"99a24952-131c-4438-8c1a-62cc29e1e739","purposes","1.1.b Purposes of the 
Processing",[281],{"id":26,"slug":282,"label":283,"tooltipHtml":9,"descriptionHtml":284,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":285,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"purposes-list","Describe the specific and explicit purposes for which personal data are processed","\u003Cp>For each purpose, specify which personal data items (from 1.1.a) are involved and provide justification of their relevance.\u003C/p>","Purpose 1: [Description] – Personal data involved: [...] – Justification: [...]\nPurpose 2: ...",[],{"id":288,"slug":289,"label":290,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":291,"sections":301},"2e6645cf-fadf-420b-b871-d85f4e739e74","secondary-uses","1.1.c Secondary or Compatible Uses",[292,295],{"id":26,"slug":293,"label":294,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":242,"typeIndex":243,"typeColor":9,"typeIcon":9,"typeText":244,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"secondary-uses-exist","Are there secondary or compatible uses of the data beyond the primary 
purposes?",{"id":26,"slug":296,"label":297,"tooltipHtml":9,"descriptionHtml":298,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":299,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":300,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"secondary-uses-list","Describe secondary or compatible uses","\u003Cp>For each secondary use, describe: the personal data involved, the conditions under which it occurs, and an assessment of compatibility with the primary purpose.\u003C/p>","Secondary use 1: [...] – Personal data: [...] – Conditions: [...] – Compatibility assessment: [...]",{"id":26,"separator":9,"field":293,"operator":175,"value":33,"rules":9},[],{"id":303,"slug":304,"label":305,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":306,"sections":338},"a0a37a8c-7425-4366-9157-e8ff02dc44fe","nature-scope-context","1.1.d Nature, Scope and Context of the Processing",[307,312,317,322,325,330,333],{"id":26,"slug":308,"label":309,"tooltipHtml":9,"descriptionHtml":310,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":311,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"nature-of-processing","Nature of the processing","\u003Cp>Describe how personal data will be handled: operations involved, technologies used, etc.\u003C/p>","Collection, storage, use, sharing, deletion, technologies 
involved...",{"id":26,"slug":313,"label":314,"tooltipHtml":9,"descriptionHtml":315,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":316,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"scope-of-processing","Scope of the processing","\u003Cp>Describe the breadth and extent: volume, number of data subjects, geographical and organisational reach, frequency or duration.\u003C/p>","Number of data subjects, volume of data, duration, geographical reach...",{"id":26,"slug":318,"label":319,"tooltipHtml":9,"descriptionHtml":320,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":321,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"context-of-processing","Context of the processing","\u003Cp>Describe the circumstances and environment: use cases, business processes, relationship with data subjects, vulnerable groups, etc.\u003C/p>","Use cases, business processes, relationship with data subjects, vulnerable groups...",{"id":26,"slug":323,"label":324,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":242,"typeIndex":243,"typeColor":9,"typeIcon":9,"typeText":244,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"cross-border-processing","Is this a cross-border 
processing?",{"id":26,"slug":326,"label":327,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":328,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":329,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"cross-border-details","Cross-border processing – justification and details","Identify the Member States involved and explain the cross-border nature",{"id":26,"separator":9,"field":323,"operator":175,"value":33,"rules":9},{"id":26,"slug":331,"label":332,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":242,"typeIndex":243,"typeColor":9,"typeIcon":9,"typeText":244,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"international-transfers","Will personal data be transferred to a recipient in a third country or international organisation?",{"id":26,"slug":334,"label":335,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":336,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":337,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"international-transfers-details","International transfers – justification, recipient countries and transfer mechanism","Recipient countries/organisations, applicable Chapter V GDPR transfer mechanism, 
justification",{"id":26,"separator":9,"field":331,"operator":175,"value":33,"rules":9},[],{"id":340,"slug":341,"label":342,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":343,"questions":344,"sections":353},"b3cf4b70-181e-404a-94f1-5e41d0086830","functional-description","1.2 Functional Description","\u003Cp>Step-by-step description of the processing phases. Ideally supplement with data flow diagrams.\u003C/p>",[345],{"id":26,"slug":346,"label":347,"tooltipHtml":9,"descriptionHtml":348,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":349,"min":9,"max":9,"regex":9,"unit":9,"type":350,"typeIndex":351,"typeColor":9,"typeIcon":9,"typeText":352,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"functional-phases","Describe the processing phases, types of operations and data flows","\u003Cp>For each phase (collection, use, storage, sharing/transfer, deletion/destruction), describe the operations involved.\u003C/p>","Phase – Collection: [...]\nPhase – Use: [...]\nPhase – Storage: [...]\nPhase – Sharing/Transfer: [...]\nPhase – Deletion/Destruction: [...]","RichText",2,"Text editor",[],{"id":355,"slug":356,"label":357,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":358,"sections":364},"fd0c9bc6-ba6d-42c6-94e4-6c01a9d4be2b","means-of-processing","1.3 Means of Processing, Assets and 
Architecture",[359],{"id":26,"slug":360,"label":361,"tooltipHtml":9,"descriptionHtml":362,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":363,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"means-description","Describe means of processing, supporting assets and underlying architecture","\u003Cp>For each processing phase or stage (from 1.2), list the means of processing and supporting assets (systems, tools, infrastructure) and provide explanations.\u003C/p>","Processing phase: [...] – Means and assets: [...] – Explanation: [...]",[],{"id":366,"slug":367,"label":368,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":369,"sections":378},"abe89031-f77c-48ca-913e-afda8112a1aa","codes-of-conduct","1.4 Compliance with Approved Codes of Conduct",[370,373],{"id":26,"slug":371,"label":372,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":242,"typeIndex":243,"typeColor":9,"typeIcon":9,"typeText":244,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"codes-applicable","Are there approved codes of conduct applicable to this 
processing?",{"id":26,"slug":374,"label":375,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":376,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":377,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"codes-detail","Identify applicable codes of conduct and explain compliance","Code of conduct 1: [Name] – Compliance required because: [...] – Explanation: [...]\nCode of conduct 2: ...",{"id":26,"separator":9,"field":371,"operator":175,"value":33,"rules":9},[],{"id":380,"slug":381,"label":382,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":383,"questions":384,"sections":385},"27390a1f-8dc7-4474-a8f3-1e072462dddc","analysis","Analysis of the Processing","\u003Cp>Analysis of the compliance of the processing with GDPR: lawfulness, data minimisation, retention, data quality, and all measures supporting compliance.\u003C/p>",[],[386,471,498],{"id":387,"slug":388,"label":389,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":390,"sections":391},"e10b8475-1836-4e72-9983-f9d27381bb1e","lawfulness","2.1 Lawfulness of the Processing",[],[392,426],{"id":393,"slug":394,"label":395,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":396,"sections":425},"e037a787-2a67-4ad4-91c0-fb9587c533b2","legal-basis","2.1.a Legal 
Basis",[397,420],{"id":26,"slug":398,"label":399,"tooltipHtml":9,"descriptionHtml":400,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":110,"typeIndex":111,"typeColor":9,"typeIcon":9,"typeText":112,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":401,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"legal-basis-article6","Legal basis under Article 6(1) GDPR","\u003Cp>Select all applicable legal bases. If relying on legitimate interests (f), a balancing test must be provided below.\u003C/p>",[402,405,408,411,414,417],{"id":26,"color":9,"rangeValue":9,"label":403,"slug":404,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(a) Consent of the data subject","lb-consent",{"id":26,"color":9,"rangeValue":9,"label":406,"slug":407,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(b) Performance of a contract or pre-contractual steps at data subject's request","lb-contract",{"id":26,"color":9,"rangeValue":9,"label":409,"slug":410,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(c) Compliance with a legal obligation to which the controller is subject","lb-legal-obligation",{"id":26,"color":9,"rangeValue":9,"label":412,"slug":413,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(d) Protection of the vital interests of the data subject or another person","lb-vital-interests",{"id":26,"color":9,"rangeValue":9,"label":415,"slug":416,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(e) 
Performance of a task in the public interest or exercise of official authority","lb-public-interest",{"id":26,"color":9,"rangeValue":9,"label":418,"slug":419,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(f) Legitimate interests of the controller or a third party","lb-legitimate-interests",{"id":26,"slug":421,"label":422,"tooltipHtml":9,"descriptionHtml":423,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":424,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"legal-basis-justification","Justification for the chosen legal basis","\u003Cp>For each purpose, justify the applicable legal basis. If relying on legitimate interests (Art. 6(1)(f)), provide the balancing test analysis.\u003C/p>","Purpose 1 – Legal basis: [...] – Justification: [...]\nLegitimate interests balancing test (if applicable): [...]",[],{"id":427,"slug":428,"label":429,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":430,"questions":431,"sections":470},"8be79b4d-be5e-4ca6-b059-c4b720d8928a","lift-prohibition","2.1.b Reasons to Lift the Processing Prohibition","\u003Cp>Complete only if special categories of personal data (Article 9 GDPR) are processed. 
Identify the applicable ground under Article 9(2) GDPR.\u003C/p>",[432,466],{"id":26,"slug":433,"label":434,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":110,"typeIndex":111,"typeColor":9,"typeIcon":9,"typeText":112,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":435,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"lift-prohibition-basis","Ground under Article 9(2) GDPR for processing special category data",[436,439,442,445,448,451,454,457,460,463],{"id":26,"color":9,"rangeValue":9,"label":437,"slug":438,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(a) Explicit consent of the data subject","lp-explicit-consent",{"id":26,"color":9,"rangeValue":9,"label":440,"slug":441,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(b) Employment, social security and social protection law obligations","lp-employment",{"id":26,"color":9,"rangeValue":9,"label":443,"slug":444,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(c) Protection of vital interests where data subject is incapable of consenting","lp-vital-interests",{"id":26,"color":9,"rangeValue":9,"label":446,"slug":447,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(d) Legitimate activities of a not-for-profit body","lp-nonprofit",{"id":26,"color":9,"rangeValue":9,"label":449,"slug":450,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(e) Data manifestly made public by the data 
subject","lp-public",{"id":26,"color":9,"rangeValue":9,"label":452,"slug":453,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(f) Establishment, exercise or defence of legal claims","lp-legal-claims",{"id":26,"color":9,"rangeValue":9,"label":455,"slug":456,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(g) Substantial public interest based on Union or Member State law","lp-public-interest",{"id":26,"color":9,"rangeValue":9,"label":458,"slug":459,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(h) Preventive or occupational medicine, health care purposes (Art. 9(2)(h))","lp-healthcare",{"id":26,"color":9,"rangeValue":9,"label":461,"slug":462,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(i) Public health interest (Art. 9(2)(i))","lp-public-health",{"id":26,"color":9,"rangeValue":9,"label":464,"slug":465,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"(j) Archiving, scientific/historical research or statistical purposes (Art. 89(1))","lp-research",{"id":26,"slug":467,"label":468,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":469,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"lift-prohibition-justification","Justification for the Article 9(2) ground invoked","For each special category data item, specify the applicable Art. 
9(2) ground and provide detailed justification",[],{"id":472,"slug":473,"label":474,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":475,"sections":476},"fc2446fd-62ba-467e-93bc-424a33cdce1d","data-minimisation","2.2 Data Minimisation, Retention and Data Quality",[],[477,488],{"id":478,"slug":479,"label":480,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":481,"sections":487},"5c0f3564-13de-41d0-9585-a119a70c3baf","minimisation-retention","2.2.a Data Minimisation and Retention Periods",[482],{"id":26,"slug":483,"label":484,"tooltipHtml":9,"descriptionHtml":485,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":486,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"minimisation-justification","Justify necessity and relevance of each data item, identify recipients and specify retention periods","\u003Cp>For each personal data item (from 1.1.a): justify the need and relevance, identify recipients, specify the retention period and justify it.\u003C/p>","Data item: [...] – Justification: [...] – Recipients: [...] – Retention period: [...] 
– Justification: [...]",[],{"id":489,"slug":490,"label":491,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":492,"sections":497},"6eac0045-081d-417b-abfc-efbb1011224e","data-quality","2.2.b Data Quality",[493],{"id":26,"slug":494,"label":495,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":496,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"data-quality-measures","Describe data quality metrics, requirements or thresholds for each personal data item","Data item: [...] – Quality metrics/requirements: [...] – Justification: [...]",[],{"id":499,"slug":500,"label":501,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":502,"sections":503},"a3e5bc54-ece4-42d3-a491-a284773845b5","measures-compliance","2.3 Measures Supporting Compliance",[],[504,536,558,574,584],{"id":505,"slug":506,"label":507,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":508,"questions":509,"sections":535},"fbe9cdc1-6826-4ac9-b14d-3d97a75d45cc","article5-measures","2.3.a Measures – Article 5(1) GDPR Principles","\u003Cp>For each principle, list supporting measures, discuss their appropriateness and effectiveness, and specify implementation status (Planned / Partially implemented / 
Implemented).\u003C/p>",[510,514,517,520,523,526,529,532],{"id":26,"slug":511,"label":512,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"principle-fairness","Fairness principle – Supporting measures, appropriateness/effectiveness, implementation status","Measures: [...] | Appropriateness/Effectiveness: [...] | Status: Planned / Partially implemented / Implemented",{"id":26,"slug":515,"label":516,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"principle-transparency","Transparency principle – Supporting measures, appropriateness/effectiveness, implementation status",{"id":26,"slug":518,"label":519,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"principle-purpose-limitation","Purpose limitation principle – Supporting measures, appropriateness/effectiveness, implementation 
status",{"id":26,"slug":521,"label":522,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"principle-data-minimisation","Data minimisation principle – Supporting measures, appropriateness/effectiveness, implementation status",{"id":26,"slug":524,"label":525,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"principle-accuracy","Accuracy principle – Supporting measures, appropriateness/effectiveness, implementation status",{"id":26,"slug":527,"label":528,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"principle-storage-limitation","Storage limitation principle – Supporting measures, appropriateness/effectiveness, implementation 
status",{"id":26,"slug":530,"label":531,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"principle-integrity-confidentiality","Integrity and confidentiality principle – Measures, appropriateness/effectiveness, status",{"id":26,"slug":533,"label":534,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"principle-accountability","Accountability principle – Supporting measures, appropriateness/effectiveness, implementation status",[],{"id":537,"slug":538,"label":539,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":540,"questions":541,"sections":557},"fdb06320-2fb2-421d-8d0a-e49960e9a5bb","data-subject-rights","2.3.b Measures – Exercise of Data Subjects' Rights","\u003Cp>For each data subject right, list supporting measures, discuss appropriateness/effectiveness, and specify implementation 
status.\u003C/p>",[542,545,548,551,554],{"id":26,"slug":543,"label":544,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"right-information","Information to data subjects (Arts. 12, 13 and 14 GDPR) – Measures, appropriateness, status",{"id":26,"slug":546,"label":547,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"right-access-portability","Right of access and data portability (Arts. 15 and 20 GDPR) – Measures, appropriateness, status",{"id":26,"slug":549,"label":550,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"right-rectification-erasure","Right to rectification and erasure (Arts. 
16, 17 and 19 GDPR) – Measures, appropriateness, status",{"id":26,"slug":552,"label":553,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"right-object-restriction","Right to object and to restriction (Arts. 18, 19 and 21 GDPR) – Measures, appropriateness, status",{"id":26,"slug":555,"label":556,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"right-automated-decision","Right not to be subject to automated decision-making (Art. 
22 GDPR) – Measures, appropriateness, status",[],{"id":559,"slug":560,"label":561,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":562,"questions":563,"sections":573},"e22a94f6-6a0c-418b-b80d-df93f8325583","other-gdpr-requirements","2.3.c Measures – Other GDPR Requirements","\u003Cp>For each requirement, list supporting measures, discuss appropriateness/effectiveness, and specify implementation status.\u003C/p>",[564,567,570],{"id":26,"slug":565,"label":566,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"consent-requirements","Consent requirements and withdrawal mechanism (Art. 7 GDPR) – Measures, appropriateness, status",{"id":26,"slug":568,"label":569,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"processor-relationship","Relationship with processors – DPA requirements (Art. 
28 GDPR) – Measures, appropriateness, status",{"id":26,"slug":571,"label":572,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":513,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"international-transfer-safeguards","Safeguards for international transfers (Chapter V GDPR) – Measures, appropriateness, status",[],{"id":575,"slug":576,"label":577,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":578,"sections":583},"ce5e5a26-d1f1-47fa-9871-2367bd03df1b","privacy-by-design","2.3.d Measures – Data Protection by Design and by Default",[579],{"id":26,"slug":580,"label":581,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":582,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"privacy-by-design-measures","Data protection by design and by default (Art. 25 GDPR) – Measures, appropriateness/effectiveness, status","Measure 1: [...] | Appropriateness/Effectiveness: [...] 
| Status: Planned / Partially implemented / Implemented\nMeasure 2: ...",[],{"id":585,"slug":586,"label":587,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":588,"sections":592},"c98898f1-60ac-4a15-82fe-9afa93c96937","security-measures","2.3.e Measures – Security of Processing",[589],{"id":26,"slug":590,"label":591,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":582,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"security-processing-measures","Security of processing (Art. 32 GDPR) – Measures, appropriateness/effectiveness, implementation status",[],{"id":594,"slug":595,"label":596,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":597,"questions":598,"sections":599},"c3cc4d42-2df1-4726-b806-c48902420801","necessity-proportionality","Necessity and Proportionality","\u003Cp>Examination of the impacts on data subjects' rights and freedoms and assessment of whether the processing is necessary and proportionate to its objectives.\u003C/p>",[],[600,610,621],{"id":601,"slug":602,"label":603,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":604,"sections":609},"ed597706-7756-4d8a-a124-e953a0adbe30","impacts-rights-freedoms","3.1 Impacts on Rights and Freedoms of Data 
Subjects",[605],{"id":26,"slug":606,"label":607,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":608,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"impacts-description","Describe the impacts of the processing on the rights and freedoms of data subjects","Identify and describe all potential impacts (social, economic, physical, reputational, etc.) on data subjects' rights and freedoms",[],{"id":611,"slug":612,"label":613,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":614,"sections":620},"1c6b8b3c-9835-4f5f-a8a0-d1f5eb32a639","necessity","3.2 Necessity Assessment",[615],{"id":26,"slug":616,"label":617,"tooltipHtml":9,"descriptionHtml":618,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":619,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"necessity-assessment","Assess whether the processing is necessary and the least intrusive option available","\u003Cp>Evaluate whether the processing is effective and whether less privacy-intrusive alternatives were considered. 
Provide evidence and justification.\u003C/p>","Alternatives considered: [...]\nWhy this processing is necessary: [...]\nEvidence supporting necessity: [...]",[],{"id":622,"slug":623,"label":624,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":625,"sections":631},"58bd62de-26b9-44e0-9450-d66068bad9aa","proportionality","3.3 Proportionality Assessment",[626],{"id":26,"slug":627,"label":628,"tooltipHtml":9,"descriptionHtml":629,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":630,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"proportionality-assessment","Assess the proportionality of the processing","\u003Cp>Discuss the importance of the processing and its potential benefits. Compare impacts on rights and freedoms with the advantages resulting from the processing. 
Provide evidence and justification.\u003C/p>","Benefits and importance of the processing: [...]\nImpacts on rights and freedoms: [...]\nBalancing evaluation: [...]\nConclusion on proportionality: [...]",[],{"id":633,"slug":634,"label":635,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":636,"questions":637,"sections":638},"7bf54ddb-1be4-4af8-84c1-81cf324a982e","risk-assessment","Risk Assessment and Management","\u003Cp>Identification and assessment of risks to data subjects' rights and freedoms, definition of mitigating measures, residual risk evaluation, and implementation action plan.\u003C/p>",[],[639,685],{"id":640,"slug":641,"label":642,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":643,"sections":644},"73de0ae1-5491-42e7-8f16-0af7a69a69f7","risk-assessment-detail","4.1 Risk Assessment",[],[645,662,673],{"id":646,"slug":647,"label":648,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":649,"questions":650,"sections":661},"ce11fe09-4eb8-46df-81fd-1d4d24c86fe5","threats-design","4.1.a Threats from Processing Design and Abnormal Events","\u003Cp>Identify, at a minimum, the threats that could lead to illegitimate access, undesired modification and disappearance of data.\u003C/p>",[651,656],{"id":26,"slug":652,"label":653,"tooltipHtml":9,"descriptionHtml":654,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":655,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"threats-design-list","Threats posed by the processing as designed (including measures already envisaged to mitigate them)","\u003Cp>For each threat, describe: how it can materialise, the risk sources 
(purpose, design weaknesses, exposures), and impacts on data subjects' rights and freedoms.\u003C/p>","Threat 1: [Description]\n – Materialisation: [...]\n – Risk sources: [...]\n – Impact on data subjects: [...]\nThreat 2: ...",{"id":26,"slug":657,"label":658,"tooltipHtml":9,"descriptionHtml":659,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":660,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"threats-abnormal-list","Threats from malfunctions, deviations, and cybersecurity threats (CIA: confidentiality, integrity, availability)","\u003Cp>Identify cybersecurity and operational threats. For each, describe materialisation, risk sources (vulnerabilities, exposures, errors), and impacts on data subjects.\u003C/p>","Threat 1: [Description]\n – Materialisation: [...]\n – Risk sources (vulnerabilities, errors): [...]\n – Impact on data subjects: [...]\nThreat 2: ...",[],{"id":663,"slug":664,"label":665,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":666,"sections":672},"cc20b327-11be-4cd0-bfbe-11ce912d829b","risk-method","4.1.b Risk Assessment Method",[667],{"id":26,"slug":668,"label":669,"tooltipHtml":9,"descriptionHtml":670,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":671,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"method-description","Explain the method followed to assess and manage risk","\u003Cp>Describe: likelihood and severity levels (scale and 
meanings), risk metrics, prioritisation criteria, risk acceptance levels, and reference to any established method.\u003C/p>","Likelihood scale: [...]\nSeverity scale: [...]\nRisk metrics: [...]\nPrioritisation criteria: [...]\nRisk acceptance levels: [...]\nEstablished method used (if any): [link]",[],{"id":674,"slug":675,"label":676,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":677,"questions":678,"sections":684},"fbb219dd-d848-4bc6-a190-b648bd0a000c","inherent-risk","4.1.c Inherent Risk Assessment","\u003Cp>If available, supplement this table with diagrams, charts or priority lists documenting inherent risk assessment from different perspectives.\u003C/p>",[679],{"id":26,"slug":680,"label":681,"tooltipHtml":9,"descriptionHtml":682,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":683,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"inherent-risk-table","Inherent risk assessment for each identified risk scenario","\u003Cp>For each risk scenario (from 3.1 and 4.1.a), assess: likelihood, severity, modulating factors, overall risk level, and whether the risk is acceptable.\u003C/p>","Risk 1: [Description]\n – Likelihood: [Very Low / Low / Medium / High / Very High]\n – Severity: [Very Low / Low / Medium / High / Very High]\n – Modulating factors: [...]\n – Risk level: [...]\n – Acceptable? 
Yes/No – Discussion: [...]\nRisk 2: ...",[],{"id":686,"slug":687,"label":688,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":689,"sections":690},"8a4e05f8-3ef2-4d9e-8df3-a97d34aecf57","action-plan","4.2 Action Plan",[],[691,702,713],{"id":692,"slug":693,"label":694,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":695,"questions":696,"sections":701},"fbfd840f-5ec8-4183-8db4-fb341d5ba5dd","additional-measures","4.2.a Additional Mitigating Measures","\u003Cp>Include all additional types of measures (technical, legal/contractual, organisational) beyond those described in section 2.3.\u003C/p>",[697],{"id":26,"slug":698,"label":699,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":700,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"additional-measures-list","Additional mitigating measures with mitigated risks, appropriateness/effectiveness and implementation status","Measure 1: [Description]\n – Mitigated risks: [...]\n – Appropriateness/Effectiveness: [...]\n – Status: Planned / Partially implemented / Implemented\nMeasure 2: ...",[],{"id":703,"slug":704,"label":705,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":706,"sections":712},"2a278a08-8142-4d7f-86b9-62e01efaf7c0","residual-risk","4.2.b Residual Risk 
Assessment",[707],{"id":26,"slug":708,"label":709,"tooltipHtml":9,"descriptionHtml":710,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":711,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"residual-risk-table","Residual risk assessment for each scenario after applying additional mitigating measures","\u003Cp>Reassess likelihood, severity and overall risk level after additional measures. Indicate whether the residual risk is acceptable.\u003C/p>","Risk 1: [Description]\n – Additional measures applied: [...]\n – Residual likelihood: [...]\n – Residual severity: [...]\n – Residual risk level: [...]\n – Acceptable? Yes/No – Discussion: [...]\nRisk 2: ...",[],{"id":714,"slug":715,"label":716,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":717,"sections":723},"656e1120-6ccf-4ffc-bc16-1304a6fa9b7e","implementation-plan","4.2.c Implementation Plan",[718],{"id":26,"slug":719,"label":720,"tooltipHtml":9,"descriptionHtml":721,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":722,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"plan-details","Plan to implement additional measures and monitor risks on an ongoing basis","\u003Cp>Provide necessary activities, responsible teams, timelines, and monitoring/review processes to manage risks once the processing is underway.\u003C/p>","Activities: [...]\nResponsible team: [...]\nTimelines: [...]\nMonitoring and review process: 
[...]\nLinks to annexes or external documentation: [...]",[],{"id":725,"slug":726,"label":727,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":728,"questions":729,"sections":730},"873138ab-ce5d-4a1d-93d4-a00d61ae9e5a","interested-parties","Involvement of Interested Parties","\u003Cp>Documentation of the consultation of the DPO and data subjects or their representatives in the DPIA process.\u003C/p>",[],[731,745],{"id":732,"slug":733,"label":734,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":735,"sections":744},"b6a8674b-0726-48f1-85a2-b8e478f2c3d0","dpo-advice","5.1 DPO Advice",[736,740],{"id":26,"slug":737,"label":738,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":739,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpo-opinion","DPO's opinion, conclusions and recommendations concerning the processing","Provide the DPO's opinion, conclusions and recommendations. 
If no DPO is designated, explain.",{"id":26,"slug":741,"label":742,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":743,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpo-advice-implementation","How has the DPO's advice been taken into account?","Explain how the DPO's advice has been implemented in the processing design or DPIA",[],{"id":746,"slug":747,"label":748,"emoji":9,"type":20,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":22,"descriptionHtml":9,"questions":749,"sections":762},"bd2a1b46-c0e6-4b00-b278-413e5acd4289","data-subjects-views","5.2 Views of Data Subjects or Their Representatives",[750,753,758],{"id":26,"slug":751,"label":752,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":242,"typeIndex":243,"typeColor":9,"typeIcon":9,"typeText":244,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"data-subjects-consulted","Have data subjects or their representatives been consulted?",{"id":26,"slug":754,"label":755,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":756,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":757,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"data-subjects-opinion","Views, conclusions and recommendations of data subjects 
or their representatives","Summarise the views, conclusions and recommendations provided",{"id":26,"separator":9,"field":751,"operator":175,"value":33,"rules":9},{"id":26,"slug":759,"label":760,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":761,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"data-subjects-participation-detail","Explanation of data subjects' participation in the DPIA process","Explain how they participated, or if not consulted – explain why consultation was not considered appropriate or possible",[],{"id":764,"slug":765,"label":766,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":767,"questions":768,"sections":812},"5f85eece-a4a3-43bc-bfe9-c05afb4d46c6","conclusion","Conclusion and Decision","\u003Cp>Formal decision on whether the processing may proceed, based on the overall risk assessment and rights analysis.\u003C/p>",[769,785,796,801,805,808],{"id":26,"slug":770,"label":771,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":194,"typeIndex":195,"typeColor":9,"typeIcon":9,"typeText":196,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":772,"listQuestions":9,"required":33,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"dpia-decision","Formal decision on this processing activity",[773,776,779,782],{"id":26,"color":9,"rangeValue":9,"label":774,"slug":775,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":33,"impact":9,"probability":9,"taskSuggestions":9},"REJECTED – The processing must be 
abandoned","decision-rejected",{"id":26,"color":9,"rangeValue":9,"label":777,"slug":778,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"CONSULTATION REQUIRED – Prior consultation with the Supervisory Authority required (Art. 36 GDPR)","decision-consultation",{"id":26,"color":9,"rangeValue":9,"label":780,"slug":781,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":33,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"APPROVED – The processing may proceed; residual risks are acceptable","decision-approved",{"id":26,"color":9,"rangeValue":9,"label":783,"slug":784,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"CONDITIONALLY APPROVED – Processing may proceed only after specific conditions are met","decision-conditional",{"id":26,"slug":786,"label":787,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":110,"typeIndex":111,"typeColor":9,"typeIcon":9,"typeText":112,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":788,"answers":789,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"consultation-reason","Reason for consulting the Supervisory Authority",{"id":26,"separator":9,"field":770,"operator":175,"value":778,"rules":9},[790,793],{"id":26,"color":9,"rangeValue":9,"label":791,"slug":792,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"Residual risks remain high and the controller cannot find sufficient measures to reduce them to an acceptable level without abandoning the 
processing","consult-high-risk",{"id":26,"color":9,"rangeValue":9,"label":794,"slug":795,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":9},"National law requires the controller to consult with and/or obtain prior authorisation from the SA for this type of processing (Art. 36(5) GDPR)","consult-national-law",{"id":26,"slug":797,"label":798,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":799,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":800,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"conditional-approval-conditions","Conditions to be met before the processing may proceed","Condition 1: [...]\nCondition 2: [...]",{"id":26,"separator":9,"field":770,"operator":175,"value":784,"rules":9},{"id":26,"slug":802,"label":803,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":804,"min":9,"max":9,"regex":9,"unit":9,"type":38,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":39,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"decision-justification","Justification of the decision (optional)","Provide any additional explanation or justification for the decision 
taken",{"id":26,"slug":806,"label":807,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":82,"typeIndex":83,"typeColor":9,"typeIcon":9,"typeText":82,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"decision-date","Date of the decision",{"id":26,"slug":809,"label":810,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":811,"min":9,"max":9,"regex":9,"unit":9,"type":30,"typeIndex":21,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":9,"displayConditions":9,"answers":9,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":33,"native":32},"decision-signatory","Name and function of the responsible official who approves this DPIA","Name – Function/Title",[],[814,821,828,832],{"id":26,"label":815,"variant":816,"variantIndex":11,"variantColor":817,"variantIcon":818,"variantText":816,"contentHtml":819,"displayConditions":820},"Processing Approved","Success","#1ab586","icon-checkmark","\u003Cp>\u003Cstrong>✅ The processing may proceed.\u003C/strong> Residual risks are acceptable. 
Ensure that the DPIA is reviewed periodically and whenever there is a change in the processing or its context.\u003C/p>",{"id":26,"separator":9,"field":770,"operator":175,"value":781,"rules":9},{"id":26,"label":822,"variant":823,"variantIndex":351,"variantColor":824,"variantIcon":825,"variantText":823,"contentHtml":826,"displayConditions":827},"Conditionally Approved","Warning","#ffc107","icon-alert-circle","\u003Cp>\u003Cstrong>⚠️ The processing may proceed only after stated conditions are met.\u003C/strong> Verify fulfilment of each condition before launching the processing and update this DPIA accordingly.\u003C/p>",{"id":26,"separator":9,"field":770,"operator":175,"value":784,"rules":9},{"id":26,"label":829,"variant":823,"variantIndex":351,"variantColor":824,"variantIcon":825,"variantText":823,"contentHtml":830,"displayConditions":831},"Prior Consultation Required","\u003Cp>\u003Cstrong>⚠️ Prior consultation with the Supervisory Authority is required (Article 36 GDPR).\u003C/strong> Do not proceed with the processing until the SA has provided written advice or, where applicable, prior authorisation. The SA must respond within 8 weeks (extendable by 6 weeks for complex cases).\u003C/p>",{"id":26,"separator":9,"field":770,"operator":175,"value":778,"rules":9},{"id":26,"label":833,"variant":834,"variantIndex":83,"variantColor":835,"variantIcon":836,"variantText":834,"contentHtml":837,"displayConditions":838},"Processing Rejected","Danger","#DC3545","icon-alert-triangle","\u003Cp>\u003Cstrong>🚫 The processing must be abandoned.\u003C/strong> The risks to the rights and freedoms of data subjects cannot be reduced to an acceptable level. The processing activity must not be implemented.\u003C/p>",{"id":26,"separator":9,"field":770,"operator":175,"value":775,"rules":9},"8d453984-2adb-48e2-10d4-08deafe83c09","1.0","EDPB DPIA Template 2026","European Data Protection Board – Data Protection Impact Assessment template (Version 1.0, March 2026). 
Structured framework for conducting DPIAs as required under Article 35 GDPR.","2026-05-12T15:01:00.4349563","2026-05-12T15:08:56.5812083","2026-05-27T08:28:55.3649158","PIA","Privacy impact assessment (DPIA)",{"id":849,"displayName":850,"familyName":851,"givenName":852,"email":853,"active":33,"color":854,"avatarUrl":855,"tenantId":21},20352,"Leïla Sayssa","Sayssa","Leïla","leila.sayssa@dastra.eu","#87753B","https://static.dastra.eu/tenant-3/avatar/20352/FMAlklWBfRhPXW/visuel-article-1-150.jpg",[],[],82,47]