[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fL0lvY-vCXu8ITscyf3GAgqakxoIaDSeXBOqTJU2PsGg":3,"$fDuOfbrGklFg9DNstLQj01v77JKgm8YTNP3W1V3nd5U4":78,"white_papers":232},{"tableOfContents":4,"markDownContent":5,"htmlContent":6,"metaTitle":7,"metaDescription":7,"wordCount":8,"readTime":9,"title":10,"nbDownloads":11,"excerpt":12,"lang":13,"url":14,"intro":15,"featured":4,"state":16,"author":17,"authorId":18,"datePublication":22,"dateCreation":23,"dateUpdate":24,"mainCategory":25,"categories":41,"metaDatas":67,"imageUrl":68,"imageThumbUrls":69,"id":77},true,"## 🚀 New Features\n\n### Data Subject Requests: Data Redaction tool\n\nHandling a data subject right request often means sharing documents — identity copies, contracts, account histories, client files. These attachments almost always contain **confidential information** that should not be passed to the requestor or any third party (data relating to other individuals, confidential contractual details, internal records). Until now, redacting those documents meant exporting them to an external tool, stepping outside of Dastra, and hoping nothing had been missed before sending the file back.\n\nDastra now includes **redaction directly inside the request**. When an attachment needs to be shared, AI analyses the document, detects zones containing third-party personal identifiers (names, addresses, contact details, personal ID numbers) and places them **automatically** on the document. Your team reviews the result, removes any false positives with a click, and can manually add any zones the AI may have missed.\n\n![](https://static.dastra.eu/richtext/09c96a47-b36a-41d3-9797-4d7301779746/pasted-image-0-original.gif)\n\nOnce reviewed, the redacted document is generated and saved to the request. The redaction is **permanent**: the output file is rasterised, meaning the underlying text is not simply \"hidden visually\" but made definitively inaccessible. The original can be kept or deleted based on the team's preference. Everything happens **without leaving the Dastra workflow**, without generating unnecessary file copies, and without the risk of an under-processed document leaving your environment.\n\nFor organisations that prefer to keep full manual control without using AI assistance, **manual redaction is available** in the same interface.\n\n![](https://static.dastra.eu/richtext/b86bbdc3-37db-4d48-9a1a-94df65e1a8ad/pasted-image-0-original.gif)\n\n---\n\n### Compliance: Merge controls and tests\n\nThe Compliance module now includes a **merge tool** to eliminate duplicates within a project or library. When similar controls or tests coexist — for instance after successive framework imports — they can now be consolidated into a single record without data loss.\n\n![](https://static.dastra.eu/richtext/cbda711c-a0e1-41e8-b8af-fc4876f3d3d3/image-original.png)\n\nThe merge tool allows you to:\n\n- Select multiple items from the list (up to 30) and trigger the merge via bulk actions\n- Compare items side by side in a comparison table and choose, field by field, which values to keep\n- Automatically consolidate all associations (evidence, requirements, risk scenarios, covered controls) onto the retained record\n\nMerging is available for **operational tests**, **reference tests**, **applied controls**, and **reference controls**. The process is entirely manual — no automatic duplicate detection is performed.\n\n![](https://static.dastra.eu/richtext/f04f0436-dd79-4767-a823-779cc8386fda/pasted-image-3-original.png)\n\n---\n\n### Data breach notifications: Managing incidents as a Data Processor\n\nThe Data breach notifications module now adapts to your organization's role in the incident: **Data Controller (DC)** or **Data Processor (DP)**.\n\nWhen creating an incident, a selector allows you to specify the role.\n\n![](https://static.dastra.eu/richtext/abeab0a7-8c4d-43ba-a640-af6c79b8b0c5/pasted-image-4-original.png)\n\nFor **Data Processor** incidents:\n\n- The supervisory authority notification step is hidden (Data Processors are not required to notify the authority directly)\n- A dedicated section for **communication to data controller clients** replaces the standard communication section\n- You can associate, track, and export the list of data controller clients involved in the incident, and automatically sync this list from the data processing activities linked to the incident\n\n![](https://static.dastra.eu/richtext/e31d1319-40ff-49e9-80df-dd368d48e641/pasted-image-5-original.png)\n\nThis update supports the specific obligations of GDPR Article 33.2, which requires Data Processors to notify their Data Controllers without undue delay in the event of a breach, without imposing the direct authority notification obligation that rests with the Data Controller.\n\n---\n\n### Privacy hubs: AI Systems in the Trust Center\n\nThe **Trust Center** (public Privacy Hub) now supports **AI Systems**. Organizations can activate a new dedicated tab in their trust portal, allowing stakeholders (clients, partners, authorities…) to view the list of artificial intelligence systems in use.\n\n![](https://static.dastra.eu/richtext/be3c0106-5a07-4730-9131-52c123dc5735/pasted-image-6-original.png)\n\n![](https://static.dastra.eu/richtext/86c38b7a-a576-4dac-90ab-9deae62988b6/pasted-image-7-original.png)\n\nThis feature responds to the transparency requirements of the European AI Act and integrates uniformly alongside the existing Trust Center modules (record of processing activities, audits, data subject right requests…). The tab is only available for organizations whose plan includes the **AI Systems** module.\n\n---\n\n### AI Assistant: AI credits and quota system\n\nThe use of Dastra's AI features is now governed by a **credit system**. Each type of AI operation (processing generation, compliance analysis, evidence verification, post-mortem report, questionnaire responses, etc.) consumes a defined number of credits. A monthly quota is allocated based on the subscribed plan.\n\nUsers can now:\n\n- View their current month's AI credit consumption from the workspace settings\n- See a color-coded progress bar (green, orange, red) indicating usage level\n- Receive a clear message when the quota is reached, with a link to upgrade options\n\nThis system ensures transparency and cost control around AI usage on the platform.\n\n![](https://static.dastra.eu/richtext/2360a177-3914-4b29-8a0d-7172d8bd721b/pasted-image-8-original.png)\n\n---\n\n## ✨ Improvements\n\n### Data subject right requests: Inherited datasets from parent organizational units\n\nThe **Datasets** tab of a data subject right request now displays all relevant datasets using a cumulative model: those linked to the assigned organizational unit (OU), all its parent OUs (up to the root of the hierarchy), and all its descendant OUs.\n\nIf the request operator does not have access rights to the relevant datasets, a visual indication will prompt them to contact the relevant responsible persons.\n\nThis improvement facilitates the processing of the request in a comprehensive manner: a request cannot be declared 100% processed if legacy datasets have not yet been processed or explicitly marked \"Not applicable\".\n\n![](https://static.dastra.eu/richtext/1ecdd96b-2354-432a-a3db-43da97bee3e7/pasted-image-9-original.png)\n\n---\n\n### Data subject right requests: Closure reason from the registry\n\nIt is now possible to **enter the closure reason** for a request directly from the registry, when selecting a final workflow step. A form opens automatically, allowing you to fill in the reason, a public description, an internal description, and the closure date — identically to the closure from the request detail view.\n\nThis improvement ensures that a reason for closure is properly recorded when requests are closed from the register, in order to preserve the quality of data and follow-up reports.\n\n![](https://static.dastra.eu/richtext/27164422-b28b-47e6-9a80-a71be64ccff1/pasted-image-10-original.png)\n\n![](https://static.dastra.eu/richtext/5470f316-2b1b-402e-bd67-076f1a336627/pasted-image-11-original.png)\n\n---\n\n### Compliance: Redesigned HTTP connector UX\n\nThe configuration interface for the **HTTP Request** connector in the Compliance module has been completely redesigned to simplify setup and strengthen credential security:\n\n- An **authentication method selector** (API Key, Authorization Token Bearer, Basic Authentication) replaces manual JSON header entry\n- **Credential fields** (token, password) are masked by default, with an eye icon to temporarily reveal them — they never appear in plain text in logs\n- **Key-value pair editors** (Postman-style) make it easy to configure custom headers and query parameters without knowing JSON syntax\n- A **read-only preview** shows the headers that will actually be sent, with sensitive values masked\n\n![](https://static.dastra.eu/richtext/1d308de6-6211-4769-a548-648006bf446d/pasted-image-12-original.png)\n\n---\n\n### Compliance: Evidence links visible from linked objects\n\nWhen a document or contract is used as evidence for a compliance test, this link is now **visible from the object itself**:\n\n- In the **Contracts** module, an icon shows the number of linked compliance tests. Clicking it opens the test list, and clicking on a test opens its details without leaving the contracts page.\n\n![](https://static.dastra.eu/richtext/bf98cd7f-8286-4643-9341-1ae474f9368a/pasted-image-13-original.png)\n\n- In the **Document management** (file manager) module, compliance tests linked to the selected document are displayed in a dedicated side panel.\n\n![](https://static.dastra.eu/richtext/9ee85553-11b8-4fe4-81d3-92bb207c0d30/pasted-image-14-original.png)\n\n---\n\n### Custom Filters: Adding condition groups\n\nThe custom filters across all Dastra modules now feature a **structured condition editor**, identical to the one already available in the workflow rules module.\n\n![](https://static.dastra.eu/richtext/fad1bdd9-2fee-46bb-bca3-b7b3436aea23/pasted-image-15-original.png)\n\nYou can now:\n\n- Combine conditions with an **And / Or** operator at the group level\n- **Nest sub-groups** of conditions for complex rules (e.g., (Step = \"In progress\" AND Address is filled) OR (Collection channel = \"Incoming email\"))\n- Add, reorganize, and delete each condition or group individually\n\nExisting filters and custom views using the previous flat structure remain functional through automatic conversion.\n\n---\n\n### Print AI analysis\n\nIt is now possible to **print the AI analysis** performed on: • A **questionnaire response & PIA** • A **data processing record** • An **AI system record**\n\nThis structured document includes the overall rating (A to F), the general assessment, the evaluated criteria with their individual ratings and justifications, as well as suggested tasks ranked by priority.\n\nA “**Print Analysis**” button appears in the analysis panel header as soon as a result is available. This allows you to easily attach the results to a report, a compliance file, or internal communication, without using screenshots.\n\n![](https://static.dastra.eu/richtext/934898ca-ff31-4559-9238-27d76abd259e/pasted-image-16-original.png)\n\n---\n\n### Data breaches: Link to AI Systems\n\nIt is now possible to **associate one or more AI Systems** with a data breach — addressing the convergence of GDPR and AI Act obligations.\n\n- A new **\"AI Systems\"** section is added to the breach form, between the \"Data Processing Activities\" and \"Risk Analysis\" sections\n\n![](https://static.dastra.eu/richtext/f6c1f10b-b685-4738-a40c-ed1a758ec1ae/pasted-image-17-original.png)\n\n- A **\"Linked AI Systems\"** column is available in the breach registry, with a dedicated filter\n- The **AI-generated post-mortem report** takes linked AI systems into account\n- The data breach dashboard now shows an indicator of the number of incidents involving at least one AI system\n\n![](https://static.dastra.eu/richtext/01176f86-1807-41fb-93b6-4bc452de0224/pasted-image-18-original.png)\n\n---\n\n### Data Mapping: Export and import datasets with their data fields\n\nThe export and import of **datasets** now include their associated **data fields**. The exported file lists, for each dataset, all linked data fields (label, sensitivity classification, personal data category), and can be re-imported directly to restore associations without an extra step.\n\nWhen importing in overwrite mode, data field associations are updated to match the file content. Fields absent from the file are unlinked; fields that don't yet exist in the workspace are automatically created.\n\n---\n\n### Planning: Custom views in the Tasks module\n\n**Pinned custom views in the toolbar** are now available in the **Planning (tasks)** module, in line with all other Dastra modules. You can save the current filter state as a named view, share it with other workspace users, and switch between views with a single click.\n\n![](https://static.dastra.eu/richtext/e5efbcd9-a60b-4d36-b47c-cb5ed2390a63/pasted-image-19-original.png)\n\n---\n\n## Other improvements\n\n- **Audits and DPIA**: The questionnaire response status previously labeled \"Published\" has been renamed **\"Validated\"**. This term more accurately reflects the action performed: validating responses.\n- **Compliance: Tooltip on AI evidence analysis** — A tooltip now explains the method used during automatic AI evidence analysis (OCR, label, test procedure…), with a link to the documentation.","\u003Ch2 id=\"new-features\">🚀 New Features\u003C/h2>\n\u003Ch3 id=\"data-subject-requests-data-redaction-tool\">Data Subject Requests: Data Redaction tool\u003C/h3>\n\u003Cp>Handling a data subject right request often means sharing documents — identity copies, contracts, account histories, client files. These attachments almost always contain \u003Cstrong>confidential information\u003C/strong> that should not be passed to the requestor or any third party (data relating to other individuals, confidential contractual details, internal records). Until now, redacting those documents meant exporting them to an external tool, stepping outside of Dastra, and hoping nothing had been missed before sending the file back.\u003C/p>\n\u003Cp>Dastra now includes \u003Cstrong>redaction directly inside the request\u003C/strong>. When an attachment needs to be shared, AI analyses the document, detects zones containing third-party personal identifiers (names, addresses, contact details, personal ID numbers) and places them \u003Cstrong>automatically\u003C/strong> on the document. Your team reviews the result, removes any false positives with a click, and can manually add any zones the AI may have missed.\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/09c96a47-b36a-41d3-9797-4d7301779746/pasted-image-0-original.gif\" alt=\"\" />\u003C/p>\n\u003Cp>Once reviewed, the redacted document is generated and saved to the request. The redaction is \u003Cstrong>permanent\u003C/strong>: the output file is rasterised, meaning the underlying text is not simply \"hidden visually\" but made definitively inaccessible. The original can be kept or deleted based on the team's preference. Everything happens \u003Cstrong>without leaving the Dastra workflow\u003C/strong>, without generating unnecessary file copies, and without the risk of an under-processed document leaving your environment.\u003C/p>\n\u003Cp>For organisations that prefer to keep full manual control without using AI assistance, \u003Cstrong>manual redaction is available\u003C/strong> in the same interface.\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/b86bbdc3-37db-4d48-9a1a-94df65e1a8ad/pasted-image-0-original.gif\" alt=\"\" />\u003C/p>\n\u003Chr />\n\u003Ch3 id=\"compliance-merge-controls-and-tests\">Compliance: Merge controls and tests\u003C/h3>\n\u003Cp>The Compliance module now includes a \u003Cstrong>merge tool\u003C/strong> to eliminate duplicates within a project or library. When similar controls or tests coexist — for instance after successive framework imports — they can now be consolidated into a single record without data loss.\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/cbda711c-a0e1-41e8-b8af-fc4876f3d3d3/image-original.png\" alt=\"\" />\u003C/p>\n\u003Cp>The merge tool allows you to:\u003C/p>\n\u003Cul>\n\u003Cli>Select multiple items from the list (up to 30) and trigger the merge via bulk actions\u003C/li>\n\u003Cli>Compare items side by side in a comparison table and choose, field by field, which values to keep\u003C/li>\n\u003Cli>Automatically consolidate all associations (evidence, requirements, risk scenarios, covered controls) onto the retained record\u003C/li>\n\u003C/ul>\n\u003Cp>Merging is available for \u003Cstrong>operational tests\u003C/strong>, \u003Cstrong>reference tests\u003C/strong>, \u003Cstrong>applied controls\u003C/strong>, and \u003Cstrong>reference controls\u003C/strong>. The process is entirely manual — no automatic duplicate detection is performed.\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/f04f0436-dd79-4767-a823-779cc8386fda/pasted-image-3-original.png\" alt=\"\" />\u003C/p>\n\u003Chr />\n\u003Ch3 id=\"data-breach-notifications-managing-incidents-as-a-data-processor\">Data breach notifications: Managing incidents as a Data Processor\u003C/h3>\n\u003Cp>The Data breach notifications module now adapts to your organization's role in the incident: \u003Cstrong>Data Controller (DC)\u003C/strong> or \u003Cstrong>Data Processor (DP)\u003C/strong>.\u003C/p>\n\u003Cp>When creating an incident, a selector allows you to specify the role.\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/abeab0a7-8c4d-43ba-a640-af6c79b8b0c5/pasted-image-4-original.png\" alt=\"\" />\u003C/p>\n\u003Cp>For \u003Cstrong>Data Processor\u003C/strong> incidents:\u003C/p>\n\u003Cul>\n\u003Cli>The supervisory authority notification step is hidden (Data Processors are not required to notify the authority directly)\u003C/li>\n\u003Cli>A dedicated section for \u003Cstrong>communication to data controller clients\u003C/strong> replaces the standard communication section\u003C/li>\n\u003Cli>You can associate, track, and export the list of data controller clients involved in the incident, and automatically sync this list from the data processing activities linked to the incident\u003C/li>\n\u003C/ul>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/e31d1319-40ff-49e9-80df-dd368d48e641/pasted-image-5-original.png\" alt=\"\" />\u003C/p>\n\u003Cp>This update supports the specific obligations of GDPR Article 33.2, which requires Data Processors to notify their Data Controllers without undue delay in the event of a breach, without imposing the direct authority notification obligation that rests with the Data Controller.\u003C/p>\n\u003Chr />\n\u003Ch3 id=\"privacy-hubs-ai-systems-in-the-trust-center\">Privacy hubs: AI Systems in the Trust Center\u003C/h3>\n\u003Cp>The \u003Cstrong>Trust Center\u003C/strong> (public Privacy Hub) now supports \u003Cstrong>AI Systems\u003C/strong>. Organizations can activate a new dedicated tab in their trust portal, allowing stakeholders (clients, partners, authorities…) to view the list of artificial intelligence systems in use.\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/be3c0106-5a07-4730-9131-52c123dc5735/pasted-image-6-original.png\" alt=\"\" />\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/86c38b7a-a576-4dac-90ab-9deae62988b6/pasted-image-7-original.png\" alt=\"\" />\u003C/p>\n\u003Cp>This feature responds to the transparency requirements of the European AI Act and integrates uniformly alongside the existing Trust Center modules (record of processing activities, audits, data subject right requests…). The tab is only available for organizations whose plan includes the \u003Cstrong>AI Systems\u003C/strong> module.\u003C/p>\n\u003Chr />\n\u003Ch3 id=\"ai-assistant-ai-credits-and-quota-system\">AI Assistant: AI credits and quota system\u003C/h3>\n\u003Cp>The use of Dastra's AI features is now governed by a \u003Cstrong>credit system\u003C/strong>. Each type of AI operation (processing generation, compliance analysis, evidence verification, post-mortem report, questionnaire responses, etc.) consumes a defined number of credits. A monthly quota is allocated based on the subscribed plan.\u003C/p>\n\u003Cp>Users can now:\u003C/p>\n\u003Cul>\n\u003Cli>View their current month's AI credit consumption from the workspace settings\u003C/li>\n\u003Cli>See a color-coded progress bar (green, orange, red) indicating usage level\u003C/li>\n\u003Cli>Receive a clear message when the quota is reached, with a link to upgrade options\u003C/li>\n\u003C/ul>\n\u003Cp>This system ensures transparency and cost control around AI usage on the platform.\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/2360a177-3914-4b29-8a0d-7172d8bd721b/pasted-image-8-original.png\" alt=\"\" />\u003C/p>\n\u003Chr />\n\u003Ch2 id=\"improvements\">✨ Improvements\u003C/h2>\n\u003Ch3 id=\"data-subject-right-requests-inherited-datasets-from-parent-organizational-units\">Data subject right requests: Inherited datasets from parent organizational units\u003C/h3>\n\u003Cp>The \u003Cstrong>Datasets\u003C/strong> tab of a data subject right request now displays all relevant datasets using a cumulative model: those linked to the assigned organizational unit (OU), all its parent OUs (up to the root of the hierarchy), and all its descendant OUs.\u003C/p>\n\u003Cp>If the request operator does not have access rights to the relevant datasets, a visual indication will prompt them to contact the relevant responsible persons.\u003C/p>\n\u003Cp>This improvement facilitates the processing of the request in a comprehensive manner: a request cannot be declared 100% processed if legacy datasets have not yet been processed or explicitly marked \"Not applicable\".\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/1ecdd96b-2354-432a-a3db-43da97bee3e7/pasted-image-9-original.png\" alt=\"\" />\u003C/p>\n\u003Chr />\n\u003Ch3 id=\"data-subject-right-requests-closure-reason-from-the-registry\">Data subject right requests: Closure reason from the registry\u003C/h3>\n\u003Cp>It is now possible to \u003Cstrong>enter the closure reason\u003C/strong> for a request directly from the registry, when selecting a final workflow step. A form opens automatically, allowing you to fill in the reason, a public description, an internal description, and the closure date — identically to the closure from the request detail view.\u003C/p>\n\u003Cp>This improvement ensures that a reason for closure is properly recorded when requests are closed from the register, in order to preserve the quality of data and follow-up reports.\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/27164422-b28b-47e6-9a80-a71be64ccff1/pasted-image-10-original.png\" alt=\"\" />\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/5470f316-2b1b-402e-bd67-076f1a336627/pasted-image-11-original.png\" alt=\"\" />\u003C/p>\n\u003Chr />\n\u003Ch3 id=\"compliance-redesigned-http-connector-ux\">Compliance: Redesigned HTTP connector UX\u003C/h3>\n\u003Cp>The configuration interface for the \u003Cstrong>HTTP Request\u003C/strong> connector in the Compliance module has been completely redesigned to simplify setup and strengthen credential security:\u003C/p>\n\u003Cul>\n\u003Cli>An \u003Cstrong>authentication method selector\u003C/strong> (API Key, Authorization Token Bearer, Basic Authentication) replaces manual JSON header entry\u003C/li>\n\u003Cli>\u003Cstrong>Credential fields\u003C/strong> (token, password) are masked by default, with an eye icon to temporarily reveal them — they never appear in plain text in logs\u003C/li>\n\u003Cli>\u003Cstrong>Key-value pair editors\u003C/strong> (Postman-style) make it easy to configure custom headers and query parameters without knowing JSON syntax\u003C/li>\n\u003Cli>A \u003Cstrong>read-only preview\u003C/strong> shows the headers that will actually be sent, with sensitive values masked\u003C/li>\n\u003C/ul>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/1d308de6-6211-4769-a548-648006bf446d/pasted-image-12-original.png\" alt=\"\" />\u003C/p>\n\u003Chr />\n\u003Ch3 id=\"compliance-evidence-links-visible-from-linked-objects\">Compliance: Evidence links visible from linked objects\u003C/h3>\n\u003Cp>When a document or contract is used as evidence for a compliance test, this link is now \u003Cstrong>visible from the object itself\u003C/strong>:\u003C/p>\n\u003Cul>\n\u003Cli>In the \u003Cstrong>Contracts\u003C/strong> module, an icon shows the number of linked compliance tests. Clicking it opens the test list, and clicking on a test opens its details without leaving the contracts page.\u003C/li>\n\u003C/ul>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/bf98cd7f-8286-4643-9341-1ae474f9368a/pasted-image-13-original.png\" alt=\"\" />\u003C/p>\n\u003Cul>\n\u003Cli>In the \u003Cstrong>Document management\u003C/strong> (file manager) module, compliance tests linked to the selected document are displayed in a dedicated side panel.\u003C/li>\n\u003C/ul>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/9ee85553-11b8-4fe4-81d3-92bb207c0d30/pasted-image-14-original.png\" alt=\"\" />\u003C/p>\n\u003Chr />\n\u003Ch3 id=\"custom-filters-adding-condition-groups\">Custom Filters: Adding condition groups\u003C/h3>\n\u003Cp>The custom filters across all Dastra modules now feature a \u003Cstrong>structured condition editor\u003C/strong>, identical to the one already available in the workflow rules module.\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/fad1bdd9-2fee-46bb-bca3-b7b3436aea23/pasted-image-15-original.png\" alt=\"\" />\u003C/p>\n\u003Cp>You can now:\u003C/p>\n\u003Cul>\n\u003Cli>Combine conditions with an \u003Cstrong>And / Or\u003C/strong> operator at the group level\u003C/li>\n\u003Cli>\u003Cstrong>Nest sub-groups\u003C/strong> of conditions for complex rules (e.g., (Step = \"In progress\" AND Address is filled) OR (Collection channel = \"Incoming email\"))\u003C/li>\n\u003Cli>Add, reorganize, and delete each condition or group individually\u003C/li>\n\u003C/ul>\n\u003Cp>Existing filters and custom views using the previous flat structure remain functional through automatic conversion.\u003C/p>\n\u003Chr />\n\u003Ch3 id=\"print-ai-analysis\">Print AI analysis\u003C/h3>\n\u003Cp>It is now possible to \u003Cstrong>print the AI analysis\u003C/strong> performed on: • A \u003Cstrong>questionnaire response &amp; PIA\u003C/strong> • A \u003Cstrong>data processing record\u003C/strong> • An \u003Cstrong>AI system record\u003C/strong>\u003C/p>\n\u003Cp>This structured document includes the overall rating (A to F), the general assessment, the evaluated criteria with their individual ratings and justifications, as well as suggested tasks ranked by priority.\u003C/p>\n\u003Cp>A “\u003Cstrong>Print Analysis\u003C/strong>” button appears in the analysis panel header as soon as a result is available. This allows you to easily attach the results to a report, a compliance file, or internal communication, without using screenshots.\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/934898ca-ff31-4559-9238-27d76abd259e/pasted-image-16-original.png\" alt=\"\" />\u003C/p>\n\u003Chr />\n\u003Ch3 id=\"data-breaches-link-to-ai-systems\">Data breaches: Link to AI Systems\u003C/h3>\n\u003Cp>It is now possible to \u003Cstrong>associate one or more AI Systems\u003C/strong> with a data breach — addressing the convergence of GDPR and AI Act obligations.\u003C/p>\n\u003Cul>\n\u003Cli>A new \u003Cstrong>\"AI Systems\"\u003C/strong> section is added to the breach form, between the \"Data Processing Activities\" and \"Risk Analysis\" sections\u003C/li>\n\u003C/ul>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/f6c1f10b-b685-4738-a40c-ed1a758ec1ae/pasted-image-17-original.png\" alt=\"\" />\u003C/p>\n\u003Cul>\n\u003Cli>A \u003Cstrong>\"Linked AI Systems\"\u003C/strong> column is available in the breach registry, with a dedicated filter\u003C/li>\n\u003Cli>The \u003Cstrong>AI-generated post-mortem report\u003C/strong> takes linked AI systems into account\u003C/li>\n\u003Cli>The data breach dashboard now shows an indicator of the number of incidents involving at least one AI system\u003C/li>\n\u003C/ul>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/01176f86-1807-41fb-93b6-4bc452de0224/pasted-image-18-original.png\" alt=\"\" />\u003C/p>\n\u003Chr />\n\u003Ch3 id=\"data-mapping-export-and-import-datasets-with-their-data-fields\">Data Mapping: Export and import datasets with their data fields\u003C/h3>\n\u003Cp>The export and import of \u003Cstrong>datasets\u003C/strong> now include their associated \u003Cstrong>data fields\u003C/strong>. The exported file lists, for each dataset, all linked data fields (label, sensitivity classification, personal data category), and can be re-imported directly to restore associations without an extra step.\u003C/p>\n\u003Cp>When importing in overwrite mode, data field associations are updated to match the file content. Fields absent from the file are unlinked; fields that don't yet exist in the workspace are automatically created.\u003C/p>\n\u003Chr />\n\u003Ch3 id=\"planning-custom-views-in-the-tasks-module\">Planning: Custom views in the Tasks module\u003C/h3>\n\u003Cp>\u003Cstrong>Pinned custom views in the toolbar\u003C/strong> are now available in the \u003Cstrong>Planning (tasks)\u003C/strong> module, in line with all other Dastra modules. You can save the current filter state as a named view, share it with other workspace users, and switch between views with a single click.\u003C/p>\n\u003Cp>\u003Cimg loading=\"lazy\"  src=\"https://static.dastra.eu/richtext/e5efbcd9-a60b-4d36-b47c-cb5ed2390a63/pasted-image-19-original.png\" alt=\"\" />\u003C/p>\n\u003Chr />\n\u003Ch2 id=\"other-improvements\">Other improvements\u003C/h2>\n\u003Cul>\n\u003Cli>\u003Cstrong>Audits and DPIA\u003C/strong>: The questionnaire response status previously labeled \"Published\" has been renamed \u003Cstrong>\"Validated\"\u003C/strong>. This term more accurately reflects the action performed: validating responses.\u003C/li>\n\u003Cli>\u003Cstrong>Compliance: Tooltip on AI evidence analysis\u003C/strong> — A tooltip now explains the method used during automatic AI evidence analysis (OCR, label, test procedure…), with a link to the documentation.\u003C/li>\n\u003C/ul>\n",null,1750,10,"New version 2.0.4: data redaction!",0,"Release notes","en","new-version-204-data-redaction","This version introduces a redaction tool for attachments directly within data subject requests, eliminating any risk of sensitive data leakage without leaving Dastra. The Data Breaches module now adapts to the Data Processor role, in compliance with Article 33.2 of the GDPR. And much more...","Published",{"id":18,"displayName":19,"avatarUrl":7,"bio":7,"blogUrl":7,"color":7,"userId":20,"creationDate":21},25695,"Benoît Cadieux",22098,"2026-01-26T13:29:24","2026-06-17T21:55:00","2026-06-17T19:55:04.8187894","2026-06-18T07:48:57.4181679",{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":31},2,"Blog","A list of curated articles provided by the community","blog","#28449a",[32,35,38],{"lang":33,"name":27,"description":34},"fr","Une liste d'articles rédigés par la communauté",{"lang":36,"name":27,"description":37},"es","Una lista de artículos escritos por la comunidad",{"lang":39,"name":27,"description":40},"de","Eine Liste von Artikeln, die von der Community verfasst wurden",[42,47],{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":43},[44,45,46],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},{"id":9,"name":12,"description":48,"url":49,"color":50,"parentId":26,"count":7,"imageUrl":7,"parent":51,"order":56,"translations":57},"Keep up with the latest features of Dastra: product updates, new functionalities, and improvements to our GDPR compliance and data management platform.","release","#8c316a",{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":52},[53,54,55],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},5,[58,61,64],{"lang":33,"name":59,"description":60},"Notes de version","Restez informé(e) des dernières fonctionnalités de Dastra : mises à jour, évolutions produit et améliorations de notre solution de conformité RGPD et de gestion des données personnelles.",{"lang":39,"name":62,"description":63},"Veröffentlichungen","Alle Versionshinweise und Funktionen von Dastra",{"lang":36,"name":65,"description":66},"Lanzamientos","Todas las notas de la versión e información sobre las funciones de Dastra",[],"https://static.dastra.eu/content/38f47c69-95eb-4537-a9f0-b277ae0201c9/wrench-blog-original.webp",[70,71,72,73,74,75,76],"https://static.dastra.eu/content/38f47c69-95eb-4537-a9f0-b277ae0201c9/wrench-blog-1000.webp","https://static.dastra.eu/content/38f47c69-95eb-4537-a9f0-b277ae0201c9/wrench-blog.webp","https://static.dastra.eu/content/38f47c69-95eb-4537-a9f0-b277ae0201c9/wrench-blog-1500.webp","https://static.dastra.eu/content/38f47c69-95eb-4537-a9f0-b277ae0201c9/wrench-blog-800.webp","https://static.dastra.eu/content/38f47c69-95eb-4537-a9f0-b277ae0201c9/wrench-blog-600.webp","https://static.dastra.eu/content/38f47c69-95eb-4537-a9f0-b277ae0201c9/wrench-blog-300.webp","https://static.dastra.eu/content/38f47c69-95eb-4537-a9f0-b277ae0201c9/wrench-blog-100.webp",60110,{"total":79,"items":80,"parent":227},8,[81,102,123,145,155,176,194,210],{"id":82,"name":83,"description":84,"url":85,"color":86,"parentId":26,"count":7,"imageUrl":7,"parent":87,"order":79,"translations":92},20,"Inside Dastra","Go behind the scenes at Dastra: company news, culture, events, team highlights, and the people driving our GDPR solution.","dastra-life","#e3cf68",{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":88},[89,90,91],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},[93,96,99],{"lang":33,"name":94,"description":95},"Vie de Dastra","Plongez dans les coulisses de Dastra : actualités internes, culture d’entreprise, événements, équipes et engagements. Découvrez qui se cache derrière notre solution RGPD.",{"lang":39,"name":97,"description":98},"Innerhalb von Dastra","Eintauchen in das Unternehmen",{"lang":36,"name":100,"description":101},"Dentro de Dastra","Sumérjase en la empresa",{"id":103,"name":104,"description":105,"url":106,"color":107,"parentId":26,"count":7,"imageUrl":7,"parent":108,"order":113,"translations":114},69,"Expertise","Gain insights from our experts on GDPR compliance, data protection, and privacy challenges. In-depth articles, professional analysis, and real-world best practices.","indepth","#000000",{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":109},[110,111,112],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},7,[115,117,120],{"lang":33,"name":104,"description":116},"Bénéficiez des conseils de nos experts sur la conformité RGPD, la protection des données et les enjeux privacy. Articles de fond, analyses et retours d’expérience métier.",{"lang":39,"name":118,"description":119},"Fachwissen","Entdecken Sie die Artikel unserer DSGVO-Experten",{"lang":36,"name":121,"description":122},"Experiencia","Descubre los artículos de nuestros expertos en Privacy",{"id":124,"name":125,"description":126,"url":127,"color":128,"parentId":26,"count":7,"imageUrl":7,"parent":129,"order":134,"translations":135},4,"Use cases","Discover how companies use Dastra to manage their GDPR compliance. Testimonials, use cases, and real-world integrations of our privacy management solution.","case-studies","#b61b9c",{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":130},[131,132,133],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},6,[136,139,142],{"lang":33,"name":137,"description":138},"Retours d'expérience","Découvrez comment les entreprises utilisent Dastra pour piloter leur conformité RGPD. Témoignages, cas d’usage et intégrations concrètes de notre solution de privacy management.",{"lang":39,"name":140,"description":141},"Case Studies","Entdecken Sie die Erfahrungsberichte unserer Kunden",{"lang":36,"name":143,"description":144},"Casos prácticos","Descubra los testimonios de nuestros clientes",{"id":9,"name":12,"description":48,"url":49,"color":50,"parentId":26,"count":7,"imageUrl":7,"parent":146,"order":56,"translations":151},{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":147},[148,149,150],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},[152,153,154],{"lang":33,"name":59,"description":60},{"lang":39,"name":62,"description":63},{"lang":36,"name":65,"description":66},{"id":156,"name":157,"description":158,"url":159,"color":160,"parentId":26,"count":7,"imageUrl":7,"parent":161,"order":124,"translations":166},9,"News","Stay up to date with the latest news from data protection authorities: decisions, fines, guidelines, and regulatory trends in GDPR and privacy.","news","#1676ca",{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":162},[163,164,165],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},[167,170,173],{"lang":33,"name":168,"description":169},"Actualités","Suivez les dernières actualités des autorités de protection des données (CNIL, EDPS, etc.) : décisions, sanctions, lignes directrices et tendances réglementaires en matière de RGPD et de privacy.",{"lang":36,"name":171,"description":172},"Actualidad","Todos los artículos relativos a las autoridades de protección de datos",{"lang":39,"name":174,"description":175},"Nachrichten","Alle Artikel mit Bezug zu Datenschutzbehörden",{"id":177,"name":178,"description":179,"url":180,"color":107,"parentId":26,"count":7,"imageUrl":7,"parent":181,"order":186,"translations":187},221,"AI Governance","Best practices, regulatory frameworks and real-world insights to manage AI responsibly and in compliance with the AI Act.","ai-governance",{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":182},[183,184,185],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},3,[188,191],{"lang":33,"name":189,"description":190},"Gouvernance de l'IA","Bonnes pratiques, cadres réglementaires et retours d'expérience pour piloter l'IA de façon responsable et conforme à l'AI Act.",{"lang":39,"name":192,"description":193},"KI-Governance","Best Practices, regulatorische Rahmenbedingungen und Praxiserfahrungen für einen verantwortungsvollen KI-Einsatz im Einklang mit dem AI Act.",{"id":195,"name":196,"description":197,"url":198,"color":107,"parentId":26,"count":7,"imageUrl":7,"parent":199,"order":26,"translations":204},220,"Compliance","Regulatory news, practical guides and analysis to keep your organization compliant with the GDPR and beyond.","compliance",{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":200},[201,202,203],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},[205,208],{"lang":33,"name":206,"description":207},"Conformité","Actualités réglementaires, guides pratiques et analyses pour maintenir votre organisation en conformité RGPD et au-delà.",{"lang":39,"name":196,"description":209},"Regulatorische Neuigkeiten, Praxisleitfäden und Analysen, um Ihre Organisation DSGVO-konform und darüber hinaus aufzustellen.",{"id":211,"name":212,"description":213,"url":214,"color":107,"parentId":26,"count":7,"imageUrl":7,"parent":215,"order":220,"translations":221},219,"Privacy","Principles, techniques and trends in personal data protection — from privacy by design to data subject rights.","privacy",{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":216},[217,218,219],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},1,[222,224],{"lang":33,"name":212,"description":223},"Principes, techniques et tendances autour de la protection des données personnelles — de la privacy by design aux droits des personnes.",{"lang":39,"name":225,"description":226},"Datenschutz","Grundsätze, Methoden und Trends zum Schutz personenbezogener Daten — von Privacy by Design bis zu Betroffenenrechten.",{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":228},[229,230,231],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},{"items":233,"total":275,"size":220,"page":220},[234],{"title":235,"nbDownloads":79,"excerpt":7,"lang":13,"url":236,"intro":237,"featured":238,"state":16,"author":239,"authorId":240,"datePublication":244,"dateCreation":245,"dateUpdate":246,"mainCategory":247,"categories":253,"metaDatas":261,"imageUrl":265,"imageThumbUrls":266,"id":274},"Your Checklist to Multi-State Privacy Impact Assessments ","your-checklist-to-multi-state-privacy-impact-assessment-compliance","Master multi-state Privacy Impact Assessments by downloading this checklist.",false,{"id":240,"displayName":241,"avatarUrl":242,"bio":7,"blogUrl":7,"color":7,"userId":240,"creationDate":243},20352,"Leïla Sayssa","https://static.dastra.eu/tenant-3/avatar/20352/TDYeY3C8Rz1lLE/dpo-avatar-h01-150.png","2025-03-03T11:08:22","2026-02-23T10:07:00","2026-02-23T10:07:01.6114712","2026-02-24T15:38:38.0037058",{"id":248,"name":249,"description":7,"url":250,"color":251,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":186,"translations":252},70,"Livre blanc","white-papers","#1795d3",[],[254,259],{"id":26,"name":27,"description":28,"url":29,"color":30,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":11,"translations":255},[256,257,258],{"lang":33,"name":27,"description":34},{"lang":36,"name":27,"description":37},{"lang":39,"name":27,"description":40},{"id":248,"name":249,"description":7,"url":250,"color":251,"parentId":7,"count":7,"imageUrl":7,"parent":7,"order":186,"translations":260},[],[262],{"typeMetaDataId":124,"value":263,"id":264},"https://static.dastra.eu/backofficefilescontainer/6c9c6770-09f5-44d2-ac35-466a87c40426/US PIA Cross State Checklist Best Practices.pdf",117305,"https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-original.jpg",[267,268,269,270,271,272,273],"https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-1000.webp","https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18.webp","https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-1500.webp","https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-800.webp","https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-600.webp","https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-300.webp","https://static.dastra.eu/content/a321130b-375a-4a3f-b9d5-e9d9afea648e/visuel-article-18-100.webp",59886,12]