Part of the GDPR risk lifecycle is creating and publishing assessments to your processing activities and/or third-party processors. The platform provides standard templates for GDPR Initial Assessments and Data Protection Impact Assessments (DPIA).
The process for sending GDPR Assessments is as follows:
- Create your GDPR Questionnaire using and editing templates or by uploading your own custom template. Click here to learn more about creating a questionnaire.
- Publish an assessment based on your questionnaire to your partners and/or vendors
- Evaluate the assessment after your partners have responded to your questionnaire using our secure online platform.
Note: The platform allows you to publish questionnaires that are approved or already published. Furthermore, you can publish a questionnaire only if you have Publish permissions enabled. Click here to see our full help article on Roles and Permissions.
Creating an Assessment
1. In the Assessments Module, navigate to the Manage Questionnaires screen, and click on the Publish button next to the GDPR questionnaire that you wish to publish, as shown below.
2. Optionally, you can start an assessment from the Active Assessments screen and by clicking Add Assessment, as shown below.
3. Creating and Publishing an Assessment is a 4-step process as outlined below. As each step progresses, you can review the selections on the right under the Summary section. The progress bar at the top will reflect the steps that have been completed.
1. In Step 1: Partner, select the Partner or Product for whom the GDPR Assessment is being created.
2. Select the purpose of the Assessment (for example, GDPR - Data Protection Impact Assessment) and the processing activity and click Next to proceed as shown below.
Note: You also have the option to add new Partners/Products by typing in the name of the Partner/Product.
3. In Step 2: Questionnaire, select the questionnaire template you intend to publish from the approved questionnaire list. You also have the option to search for a questionnaire using the search bar. After selecting the questionnaire, click on the Next button to proceed as shown below.
Note: This step is not required if you publish the questionnaire from the Manage Questionnaires screen.
4. In Step 3: Contact, select who is going to answer this questionnaire.
The following options are available:
- External Partner Contact - You can select this option when you are publishing the questionnaire to your external partner. You can then select or add the partner contact.
- Internal Business Unit Contact - You can select this option when publishing a questionnaire to assess an internal unit/product. You can then select or add the partner contact.
- Me - You can select this option if you are answering the questionnaire on behalf of your partner. For example, when you are conducting On-site Audits or if you have the answers through other sources.
5. After selecting the intended recipient, click on the Next button to proceed as shown below.
6. In Step 4: Review & Publish, review the selected details and make modifications if needed. Select a due date, period for the Assessment, and an optional message for the partner. Click on the Publish Assessment button to publish your assessment to the intended recipient as shown below.
Note: The questionnaire will be published and you can see the Assessment in Active Assessments screen.