Difference between revisions of "Privacy Impact Assessments"
(→Privileges) |
|||
| (12 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
== Introduction to Privacy Impact Assessments == | == Introduction to Privacy Impact Assessments == | ||
| − | In Privacy-Now®, ''Privacy Impact assessments'' are focused | + | In Privacy-Now®, ''Privacy Impact assessments'' are focused to assess the risks associated with data processing activities (actually they are ''Data Protection Impact Assessments''). |
| − | |||
| − | The process enables to record '' | + | The process enables to record ''Privacy Impact Assessments'' and to support their fulfilment. ''Privacy Impact Assessments'' are typically related to one or more ''processing activities'', those to which they refer to. |
== Workflow == | == Workflow == | ||
| − | A new '' | + | A new ''Privacy Impact Assessment'' can be created using the '''Add New''' functionality and choosing "New Privacy Impact Assessment". |
| − | A workflow enables to move the '' | + | A workflow enables to move the ''Privacy Impact Assessment" in several statuses as shown in the following picture. |
| − | [[File: | + | [[File: Privacy_Impact_Assessment_workflow_ENG_v1.0.JPG|centre|thumb|800x800px|Privacy Impact Assessments workflow and statuses.]] |
| Line 19: | Line 18: | ||
! Status !! Description | ! Status !! Description | ||
|- | |- | ||
| − | |Default || A temporary status when the '' | + | |Default || A temporary status when the ''Privacy Impact Assessment'' is initially created before the first save. |
|- | |- | ||
| − | |Opened || | + | |Opened || A ''Privacy Impact Assessment'' in this status is draft. |
|- | |- | ||
| − | | | + | |Detailed Assessment || This status means that a detailed assessment needs to be executed. If a significant risk is found during the preliminary assessment, the transition through this status is required before closing the ''Privacy Impact Assessment''. |
|- | |- | ||
| − | | | + | |Suspended || Activities concerning the ''Privacy Impact Assessment'' are temporarily suspended. |
|- | |- | ||
| − | | | + | |Closed || In this status, the assessment is completed. |
|- | |- | ||
| − | | | + | |Cancelled || ''Privacy Impact Assessment'' cancelled. This is an end of life status. |
| − | |||
| − | |||
| − | |||
| − | |||
|- | |- | ||
|} | |} | ||
== Information == | == Information == | ||
| − | '' | + | ''Privacy Impact Assessment'' records are organized in four sections: |
| − | * <u>''Identification''</u>, where identification data of the '' | + | * <u>''Identification''</u>, where identification data of the ''Privacy Impact Assessment'' are recorded, |
| − | * <u>''Ownership & Organization''</u>, containing the assignment of the key roles enabled to manage the '' | + | * <u>''Ownership & Organization''</u>, containing the assignment of the key roles enabled to manage the ''Privacy Impact Assessment''; |
| − | * <u>'' | + | * <u>''Risk Assessment Questions''</u>, containing the preliminary assessment questions; |
| − | * <u>'' | + | * <u>''Impact Assessment Questions''</u>, if any significant risk is found in the <u>''Risk Assessment Questions''</u> section, it contains detailed impact assessment questions (''DPIA''); |
| − | |||
Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field. | Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field. | ||
| Line 51: | Line 45: | ||
== Privileges == | == Privileges == | ||
| − | '' | + | ''Privacy Impact Assessments'' can be created by the ''users'' to whom the corresponding privilege is granted (see [[Users & Groups]] for more information on how to set this privilege). |
| − | The lifecycle of the '' | + | The lifecycle of the ''Privacy Impact Assessment'' is managed by the roles described in the table below. ''Groups'' are pre assigned to the roles according to the ''settings'' (see [[Settings]] for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled ''groups'' (see once again [[Settings]] for more information on how to enable ''groups''). |
{| class="wikitable" | {| class="wikitable" | ||
| Line 67: | Line 61: | ||
|<u>Data Processor Group</u> || Members of the ''group'' assigned to this role have view (read) privileges. | |<u>Data Processor Group</u> || Members of the ''group'' assigned to this role have view (read) privileges. | ||
|- | |- | ||
| − | |<u> | + | |<u>Assessment Team</u> || Members of this ''group'' have several privileges. They can manage the entire lifecycle, being enabled to: |
* transition records to any compatible status, | * transition records to any compatible status, | ||
* update fields when possible. | * update fields when possible. | ||
|- | |- | ||
| − | |<u> | + | |<u>Auditors Team</u> || Members of the ''group'' assigned to this role have view (read) privileges. |
|- | |- | ||
| − | |<u>Owner</u> || This role can be assigned to a single user among members of the ''groups'' previously described. The <u>Owner</u> has several privileges: | + | |<u>PIA Owner</u> || This role can be assigned to a single user among members of the ''groups'' previously described. The <u>Owner</u> has several privileges: |
* transition to any compatible status, | * transition to any compatible status, | ||
* update fields when possible. | * update fields when possible. | ||
|} | |} | ||
| − | |||
| − | |||
| − | |||
== Reports == | == Reports == | ||
| − | The list of '' | + | The list of ''Privacy Impact Assessments'' can be filtered and exported to excel format from the ''view'' '''''Privacy Impact Assessments'''''. |
== Related processes == | == Related processes == | ||
| − | '' | + | ''Privacy Impact Assessments'' can be related to ''processing activities'', ''risks'' and ''issues / non conformities''. |
Latest revision as of 10:44, 10 October 2018
Contents
Introduction to Privacy Impact Assessments
In Privacy-Now®, Privacy Impact assessments are focused to assess the risks associated with data processing activities (actually they are Data Protection Impact Assessments).
The process enables to record Privacy Impact Assessments and to support their fulfilment. Privacy Impact Assessments are typically related to one or more processing activities, those to which they refer to.
Workflow
A new Privacy Impact Assessment can be created using the Add New functionality and choosing "New Privacy Impact Assessment".
A workflow enables to move the Privacy Impact Assessment" in several statuses as shown in the following picture.
The following table explains the meaning of each status:
| Status | Description |
|---|---|
| Default | A temporary status when the Privacy Impact Assessment is initially created before the first save. |
| Opened | A Privacy Impact Assessment in this status is draft. |
| Detailed Assessment | This status means that a detailed assessment needs to be executed. If a significant risk is found during the preliminary assessment, the transition through this status is required before closing the Privacy Impact Assessment. |
| Suspended | Activities concerning the Privacy Impact Assessment are temporarily suspended. |
| Closed | In this status, the assessment is completed. |
| Cancelled | Privacy Impact Assessment cancelled. This is an end of life status. |
Information
Privacy Impact Assessment records are organized in four sections:
- Identification, where identification data of the Privacy Impact Assessment are recorded,
- Ownership & Organization, containing the assignment of the key roles enabled to manage the Privacy Impact Assessment;
- Risk Assessment Questions, containing the preliminary assessment questions;
- Impact Assessment Questions, if any significant risk is found in the Risk Assessment Questions section, it contains detailed impact assessment questions (DPIA);
Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field.
Additional information can be found in the secondary forms of the record: attachments, related items, messages and history. See How To for more information.
Privileges
Privacy Impact Assessments can be created by the users to whom the corresponding privilege is granted (see Users & Groups for more information on how to set this privilege).
The lifecycle of the Privacy Impact Assessment is managed by the roles described in the table below. Groups are pre assigned to the roles according to the settings (see Settings for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled groups (see once again Settings for more information on how to enable groups).
| Role | Description |
|---|---|
| DPO Group | Members of the group assigned to this role have full privileges. They can:
|
| Data Controller Group | Members of the group assigned to this role have view (read) privileges. |
| Data Processor Group | Members of the group assigned to this role have view (read) privileges. |
| Assessment Team | Members of this group have several privileges. They can manage the entire lifecycle, being enabled to:
|
| Auditors Team | Members of the group assigned to this role have view (read) privileges. |
| PIA Owner | This role can be assigned to a single user among members of the groups previously described. The Owner has several privileges:
|
Reports
The list of Privacy Impact Assessments can be filtered and exported to excel format from the view Privacy Impact Assessments.
Related processes
Privacy Impact Assessments can be related to processing activities, risks and issues / non conformities.
