The GDPR requires a Data Protection Impact Assessment (DPIA) for all processing activities representing a high risk to data subjects. To support and guide the respective assessment workshop, a detailed DPIA workshop guidance questionnaire is recommended. The requirements for this assessment can vary from country to country.
ARIS Accelerators for GDPR uses the Survey Management of ARIS Risk & Compliance Manager to assess the data protection impact of each processing activity. ARIS Risk & Compliance Manager ensures the segregation of duties principle and offers an audit trail of any changes.
ARIS Accelerators for GDPR contains a questionnaire (GDPR Data Protection Impact Assessment) for assessing the processing activities. This template is based on the recommendations of Germany's Bitkom association. For each processing activity, the results of the assessments are commented on and a degree of fulfillment is selected. By default, there are four degrees of fulfillment: not fulfilled, partly fulfilled, widely fulfilled, and completely fulfilled. If necessary, you can enhance the degrees of fulfillment. This template is meant to be an initial questionnaire template that can be customized.
Each degree of fulfillment represents a fulfillment score. The score makes it possible to focus first on the less fulfilled aspects of the processing activity. The questionnaire serves to describe and evaluate each of the recommended assessment areas and, if appropriate, to create mitigation measures (issues in ARIS Risk & Compliance Manager).
The creation of the data protection impact assessment survey with the Survey Management of ARIS Risk & Compliance Manager is performed in two steps for each processing activity: