Submitting the assessment for DPO review

PreviousFilling questionnaire without collaborator NextDPO review process

Last updated 10 months ago

Submitting the assessment for DPO review

The process owner submits the completed assessment for Data Protection Officer (DPO) review.
Once you've completed all sections:
- Review your answers for completeness and accuracy.
- Scroll to the bottom of the assessment.
- Locate the "Proceed to Risk Review" button.
Clicking this button will send the assessment to the designated Data Protection Officer (DPO) for review.
The assessment status will change to "Review Pending".

Risk Assessment Review

After clicking "Proceed to Risk Review", you'll be taken to a summary page of all risk assessments.
This page displays:
Individual Risks:
- A breakdown of risk levels for each section (Process Details, Data Elements, Data Subjects, etc.).
- You can click on the section name to adjust the risk evaluation if necessary.

Overall Risks:
This section provides a high-level summary of the entire assessment's risk profile.

It includes:

Select Overall Risk:
- An overall risk level for the entire assessment (e.g., High, Medium, Low) in the form of an editable line graph.
- To increase or reduce the Overall Risk, the user can click on any risk-level point to increase or decrease the length of the line.
Overall Likeliness of Occurrence:
- This is represented by another editable line graph.
- It allows you to indicate how likely it is for the identified risks to actually occur.
- Similar to the Overall Risk graph, you can click on any risk-level point to increase or decrease the length of the line.

Note: When evaluating the likeliness of occurrence, consider the following key elements:

Type of Data:
- Sensitive personal data (e.g., health information, financial records, biometric data) generally carries a higher likelihood of risk if compromised.
- Consider the volume and sensitivity of the personal data being processed.
Method of Data Processing:
- Automated processing, especially those involving profiling or decision-making, may increase risk likelihood.
- Complex processing operations involving multiple stages or parties could elevate risk probability.
Data Storage Location:
- Cloud storage vs. on-premises solutions may affect risk likelihood differently.
- Geographic location of data storage, especially if outside your jurisdiction, can impact risk probability.
Security Measures:
- The robustness of your encryption, access controls, and other security protocols influences risk likelihood.
- Regular security audits and updates may lower the probability of risks occurring.
Data Transfers:
- Frequent transfers of data, especially across borders, may increase the likelihood of privacy risks.
- The security measures of third parties involved in data processing affect risk probability.
Staff Training and Awareness:
- The level of privacy awareness and training among staff handling the data impacts risk likelihood.
- Clear policies and procedures for data handling can mitigate risk probability.
Historical Incidents:
- Past privacy breaches or near-misses in similar processing activities may indicate a higher likelihood of future risks.

View the Key risk indicators or areas of concern highlighted for quick reference.

Once you're satisfied with your risk assessment review, locate the "Submit for Review" button at the bottom of the page.
In the pop-up window, enter the details:
- Data Protection Officer(DPO) or Reviewer
- Email body
- Due Date
Click on Submit to finalize your assessment and risk evaluation, sending it to the Data Protection Officer for review.

Once the assessment is submitted, the Review Status will be updated to Review Pending from Not Submitted.

This is one complete cycle of filling out and submitting of assessment. The same assessment can be modified and the Process Owner can get it reviewed multiple times.