To best meet GDPR requirements, qualification of application systems for data protection can be a viable option, especially if you have no access to a detailed inventory of corporate data objects. The requirements for this qualification can vary from country to country.
ARIS Accelerators for GDPR uses the Survey Management of ARIS Risk and Compliance to qualify application systems. ARIS Risk and Compliance ensures that the segregation of duties principle is observed and offers an audit trail of any changes. ARIS Accelerators for GDPR contains a scoring questionnaire (Application System Qualification) for qualifying application systems. Each question of this qualification questionnaire adds a score to the total score of the relevant application system. This total score can be interpreted as a risk score. The questionnaire is meant to be an initial template that can be customized.
The creation of the application system qualification survey with the Survey Management of ARIS Risk and Compliance is performed in two steps for each application system: