Filling questionnaire without collaborator

To complete the PIA questionnaire without involving collaborators:

1. As a Process Owner, log in and navigate to the "Assessments" tab.

2. Click on the assessment they wish to fill out.

3. Navigate through the assessment sections using the left sidebar menu.

4. For each section (e.g., Process Details, Data Elements, Data Subjects), you'll see a series of questions and input fields.

5. a. Process Details

   The Process Details section is the first part of the assessment questionnaire:

   • You'll see the following fields:

     • Process Name: Pre-filled from your setup, but editable.

     • Description: A text area for a detailed process description.

     • Process Group: A dropdown menu to categorize the process (e.g., "Sales", "Marketing", "HR").

     • Automated processing: Radio buttons to indicate if the process involves automated processing.

     • If "Yes" is selected for automated processing, an additional text area appears for describing the automation.

   • Each field can be edited for easy modifications.

   • Required fields are marked with an asterisk (*).

Real-time risk indicator updates based on answers

As the process owner or collaborators fill out the questionnaire, the LightBeam application dynamically displays the risk levels based on the pre-assigned values of the selected answers.

• Each question with an associated risk level will display a risk indicator (e.g., color-coded circle or label) next to it.

• The overall risk level for the assessment is prominently displayed and updated in real-time as answers are provided.

1. After filling the Process Details section, click on Next.

1. b) Data Elements

In the Data Elements section, you'll specify what types of data are involved in the process:

• Click on the "Data Elements" button.

• Clicking this button opens a pop-up window with a list of predefined data elements.

• Select all relevant data elements for your process.

• As you select elements, they appear in a list format in the main panel.

• Each selected element shows its pre-assigned risk level (High, Medium, Low, or NA).

• The overall risk level for this section is displayed at the top, based on the highest risk element selected.

1. After filling all the required fields, click on Next to move to the next section.

1. c. Data Subjects

The Data Subjects section allows you to identify whose data is being processed:

• Click on the drop-down menu under Data Subjects.

• Clicking this opens a list of potential data subject categories (e.g., Employees, Customers, Vendors).

• Select all applicable categories.

• Each selected category appears with its pre-assigned risk level.

• An overall risk level for this section is shown at the top.

Example: Since Existing Customers does not have a preassigned risk value to it, the selected item does not show any risk association.

Here, the Data Subject 'Employees' displays an associated risk of 'Low'.

1. Click on Next to proceed.

2. d. Data Retention

   In the Data Retention section, you'll define how long data is kept and why:

   • This section may also display pre-assigned risk levels based on your selections. Alternatively, you can click on the +Data Retention button to enter:

     • Time duration: A dropdown to select the retention period.

     • Trigger Event: A dropdown to specify what initiates the retention period.

     • Scope: A dropdown to define what data the retention policy applies to.

   • Below these fields, there's a text area to provide justification for the chosen retention period.

To edit it, you can make changes to the retention policy and click on Add Policy.

1. If there are no changes, simply click on Next.

1. d. Safeguards

The Safeguards section allows you to document security measures:

• You'll see a text area to list the safeguards in place.

• There's an option to add multiple safeguard entries.

• Each safeguard may have a pre-assigned risk level displayed next to it.

• An overall risk level for safeguards is shown at the top of the section.

1. Click on Next.

2. f. Transfers

   In the Transfers section, you'll indicate if data is moved outside your organization:

   • Third-party Transferr:

     • Answer if personal data is transferred outside your organization as a part of this process using the radio buttons "Yes" or "No".

     • If "Yes" is selected, additional fields appear asking you for Third-Party Organisation Details such as:

       • Name

       • Email

       • Safeguards in place (Select from existing or type to add custom)

       • Address

     • Pre-assigned risk levels may be displayed based on your responses.

   • Cross-border Transfer:

     • Answer if personal data is transferred outside your national borders as a part of this process using the radio buttons "Yes" or "No".

     • If "Yes" is selected, additional fields appear asking you for Cross Border Transfer Details such as:

       • Country

       • Organization

       • Safeguards in place (Select from existing or type to add custom)

       • Email

3. Click on Proceed to Risk Review.