Create a data protection impact assessment survey

Use ARIS to prepare a data protection impact assessment survey.

Prerequisites

Procedure

  1. Start ARIS.

  2. Enter the name of the relevant Record of processing activity model to the Search Search field.

  3. Click the relevant model in the list of results. The fact sheet is displayed.

  4. Click Edit Edit > Edit Contribute if the edit mode is not activated yet.

  5. In the Processing activities table, click the Processing activity details attribute of the relevant processing activity. The fact sheet is displayed.

    The link is only available if the elements are already assigned to the processing activity.

  6. Click the edit box of the Questionnaires attribute to add a new element.

  7. Enter a name according to the respective processing activity and the description survey, for example, Salary payment GDPR DPIA.

  8. Click Activate to transfer your input, then click OK to confirm your input. The Questionnaires attribute is created.

  9. Click the Questionnaires attribute. The fact sheet is displayed.

  10. Specify the relevant survey details. To do so, click the edit box of the respective attribute, enter the relevant information, click Activate to transfer your input, and click OK to confirm your input (only for some attributes).

    1. Responsible: Any user responsible for this survey.

    2. Description: Short description of the survey.

    3. Questionnaire templates*): The questionnaire template to be used in the survey. Use the GDPR Data Protection Impact Assessment questionnaire template.

    4. Assigned roles*): The interviewee groups and the survey reviewer group in charge. You can assign multiple interviewee groups, but only one survey reviewer group. Each interviewee group receives one questionnaire.

    5. Start date*): The date the first survey and the assigned questionnaires are to be generated.

    6. End date: The date when the survey scheduler must be completed and no further survey is created.

    7. Frequency*): The interval at which the survey and the assigned questionnaires are generated.

    8. Time limit for execution in days*): The number of days available to the interviewee for the completion of the questionnaire. It defines the completion date by which the survey must be completed.

    9. *) = Mandatory for technical reasons

The data protection impact assessment survey scheduler for ARIS Risk and Compliance is created.

For detailed information, refer to the ARCM - Modeling Conventions manual and the ARIS Risk and Compliance online help.

Example

Data protection impact assessment survey