PIA Templates
Last updated
Last updated
LightBeam offers two types of PIA templates:
User-Created Templates: Customizable templates tailored to an organization's specific needs and context.
System Templates: Pre-built templates included with the application, covering common data processing scenarios and best practices.
Create custom templates tailored to your company's specific needs and context.
Template Creation Process:
Follow a streamlined process to design and implement custom templates that align with your organization's unique requirements, existing processes, and best practices.
Click on the "Privacy Ops" header in the LightBeam application.
From the dropdown menu that appears, click on the "PIA" (Privacy Impact Assessment) option.
Click on the "+ Create New" button in the top right corner to initiate template creation
On the template editor screen, define template details (name, description).
Process Details
This will open up a pop-up window where you can edit the question by:
Toggling the 'Associate Risk' button to add a risk value.
Toggling the 'Mandatory' button to make the field compulsory.
Assigning a risk level by choosing from the drop-down menu adjacent to the field such as High, Medium, Low, NA.
Once you have assigned the Risk Level to the required fields, you can click on the Save button. This will display a 'Risk Configured' sign next to the question.
Similarly, you can edit the rest of the stages of the questionnaire such as:
Data Elements
Data Subjects
Data Retention
Safeguards
6. Transfers
Once the template has been suitably updated, click on the Save button. Then, click on Submit.
This will save the template.
7. The edited template will now be available in the list of Templates and for use in new PIA assessments.
LightBeam provides a set of pre-built system templates that cover common data processing scenarios and best practices. These templates are designed to help organizations quickly assess their privacy risks and ensure compliance with relevant regulations.
Cloning and Editing System Templates: System templates can be cloned and edited to adapt to evolving privacy requirements and organizational needs. This allows you to leverage the pre-built structure and content while customizing the template to fit your specific context.
To clone a system template:
Locate the system template you wish to clone from the list of templates.
Select "Clone" from the dropdown menu (Image 20).
Template Details:
Rename the cloned template for easy identification.
Modify the description to reflect your specific use case.
Process Details:
To edit individual elements, click on the Edit (✏️) icon adjacent to the field name.
For example, click the edit icon next to "Process Group" to modify options.
This will open up a pop-up window where you can edit the question by:
Toggling the 'Associate Risk' button to add a risk value.
Toggling the 'Mandatory' button to make the field compulsory.
Assigning a risk level by choosing from the drop-down menu adjacent to the field such as High, Medium, Low, NA.
Once you have assigned the Risk Level to the required fields, you can click on the Save button.
Once you have configured the Risk Level, it will display a 'Risk Configured' sign next to the field.
Data Elements
Navigate to the "Data Elements" tab in the left sidebar of the PIA template. The main panel will display the Data Elements configuration area.
Locate the edit icon (✏️) in the top right corner of the Data Elements section (circled in red in Figure 1). Click on this icon to open the Edit Question pop-up.
In the Edit Question pop-up, you can toggle the Associate Risk tab to add the risk coefficient to Data Elements stage.
In the "General" tab, you'll see a list of pre-defined data elements with their corresponding sensitivity levels.
Assign Risk Levels:
For each data element, there's a dropdown menu in the "Risk" column.
Click on the dropdown to select the appropriate risk level:
NA (Not Applicable)
Low
Medium
High
High 19th June (custom option)
Example:
For sensitive data like "USA Social Security Number", consider setting the risk level to "High".
For less sensitive data, you may choose "Low" or "Medium" as appropriate.
After configuring General data elements, click on Next to move to the "Special" tab.
Follow the same process to assign risk levels to special category data elements.
For example, if "Racial/Ethnic Origin" is listed, you might set its risk level to "High" due to its sensitive nature.
After assigning risk levels to all relevant data elements in both General and Special categories, click the "Save" button.
Once you have configured the Risk Level, it will display a 'Risk Configured' sign next to the field.
Data Subjects
Click on the "Data Subjects" option in the left sidebar of the PIA template.
Locate and click on the edit icon (✏️) next to the "Data Subjects" header.
In the Edit Question pop-up, you can toggle the Associate Risk tab to add the risk coefficient to Data Subjects stage.
In the pop-up window, you'll see a list of potential data subject categories (e.g., Employees, Customers, Vendors).
For each category, assign a risk level using the dropdown menu:
High
Medium
Low
NA
(or Customized)
Example:
For sensitive categories like "Minors", consider assigning a "High" risk level.
For general categories like "Adult Customers", a "Medium" or "Low" risk might be appropriate.
After assigning risk levels, click "Save" to apply your changes.
Once you have configured the Risk Level, it will display a 'Risk Configured' sign next to the field.
Data Retention
Navigate to the "Data Retention" section in the left sidebar of the PIA template.
Click on the edit icon (✏️) next to the "Data Retention" header to modify retention details.
In the edit window, you'll see options to specify:
Time Duration: A dropdown field labeled "Time duration" with a "Select" placeholder, allowing users to choose the length of time data will be retained.
Trigger Event: Another dropdown field labeled "Trigger Event" with a "Select" placeholder. This likely allows users to specify what event initiates the retention period (e.g., data collection, end of contract, etc.).
Scope: A third dropdown field labeled "Scope" with a "Select" placeholder. This field probably lets users define the scope of data to which the retention policy applies.
If applicable, you can associate risk levels with different retention scenarios:
Click on "Associate Risk" to enable risk assignment.
Use the dropdown menu to select risk levels (e.g., High, Medium, Low, NA) for each retention scenario.
After configuring the retention details and risk levels, click "Save" to apply your changes.
Safeguards
Select "Safeguards" from the left sidebar menu.
Click the edit icon (✏️) to access the safeguards configuration.
Toggle the 'Associate Risk' button to add a risk value to each safeguard.
Add new safeguards by clicking on the "+" button.
Remove safeguards by clicking on the "-" button next to each measure.
For each safeguard, you have the option to:
Provide a description of the measure.
Assign a risk level (High, Medium, Low, NA, Customised).
After adding all relevant safeguards and assigning risk levels, click "Save" to confirm your configuration.
Transfers
Click on "Transfers" in the left sidebar menu.
Use the edit icon (✏️) to modify transfer information.
specify:
Whether data is transferred outside the organization.
If applicable, list the countries to which data is transferred.
For each transfer scenario, you can:
Provide details about the transfer.
Assign a risk level if the "Associate Risk" feature is enabled.
Document transfer safeguards:
Add details about measures in place to ensure data protection during transfers.
This might include encryption methods, data transfer agreements, etc.
After configuring all transfer details and risk levels, click "Save" to apply your settings
Add Section
At the bottom of the left sidebar, you'll see an "Add Section" button.
Clicking this button allows you to create a custom section in your PIA template.
When adding a new section:
Provide a name for the new section under 'Title'.
Provide a description for the new section under 'Description'.
Toggle the mandatory button to make the section compulsory to fill.
Use this feature to tailor the PIA template to your organization's specific needs or to address unique aspects of certain data processing activities.
After configuring your new section, save your changes to add it to the PIA template structure.
Once the template has been suitably updated, click on the Save button.
Then, click on Submit.
This will save the template.
The edited template will now be available in the list of Templates and for use in new PIA assessments.
Navigate to Templates icon ( ) in the left sidebar menu.
To edit individual elements click on the Edit ( ) icon adjacent to the field name. For example: Process Group.
Removing a field by clicking on the minus ( ) sign next to it.
Navigate to the Templates icon ( ) in the left sidebar menu.
Click on the three-dot menu icon ( ) under the "Actions" column next to the template name.
Removing a field by clicking on the minus ( ) sign next to it.
