[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2X8rBVDbnXFZ0uqkDW6hnXFAk6idFki8K7oZX7ZJ-fg":3},{"sections":4,"resultAnalysis":550,"id":551,"version":552,"newVersion":31,"label":553,"isPinned":31,"isShared":47,"sharingToken":554,"isRevision":31,"isBlockAnalysisShared":31,"nbReferences":555,"referenceId":9,"nbResponses":20,"parentId":9,"revisionDescription":9,"logoUrl":556,"description":557,"scheduleIntervalDays":9,"versionNumber":11,"dateCreation":558,"dateUpdate":559,"dateArchived":9,"archived":31,"type":560,"typeIndex":561,"typeColor":9,"typeIcon":9,"typeText":562,"creator":563,"objectType":571,"objectTypeIndex":20,"objectTypeColor":382,"objectTypeIcon":572,"objectTypeText":573,"defaultOwners":574,"tags":576,"privacyHubs":9,"nbQuestions":586,"nbQuestionsRequired":20,"nbDatas":20,"deadLineDays":9},[5,187,348],{"id":6,"slug":7,"label":8,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":13,"sections":14},"2c879551-1b5f-4746-b39f-a839a50ef441","general","General",null,"Chapter",1,"SectionType_Chapter",[],[15,139],{"id":16,"slug":17,"label":18,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":22,"questions":23,"sections":138},"9f06b73e-1556-4c3a-9814-8a96922b5b5b","GDPR-1-compliance-policy","GDPR Compliance Policy","Default",0,"SectionType_Default","\u003Cp>Section relating to the subcontractor's GDPR compliance policy.\u003C/p>",[24,48,63,78,93,108,123],{"id":25,"slug":26,"label":27,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":32,"displayConditions":9,"answers":33,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"387b2181-d74c-4ec2-b0f5-ec268dbf17b9","the-sub-contractor-has-formalised-a-personal-data-protection-policy","The processor  has formalised a Personal Data Protection Policy","Radio",7,"Unique choice list",false,[],[34,39,43],{"id":35,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":38},"767f5b49-8876-4bf5-b63c-f2490771c902","Yes",2,[],{"id":40,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":42},"a35cec2f-826a-4f58-8112-2fbe14d16244","No",[],{"id":44,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":46},"d466bf14-b715-4d1f-8c38-c8bd5c5aeb24","In progress",[],true,{"id":49,"slug":50,"label":51,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":52,"displayConditions":9,"answers":53,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"d3fa2b62-7887-4f79-ab8a-85c8c6f6f104","the-subcontractor-has-appointed-a-dpo","The processor has appointed a DPO",[],[54,57,60],{"id":55,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":56},"46279a7c-6a17-4902-86bf-4a2a4dd92f2e",[],{"id":58,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":59},"db1bc681-49e9-4113-8e5a-e01f72203ead",[],{"id":61,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":62},"f4fea07d-b0a0-479d-8bc2-60c35a7e9d7f",[],{"id":64,"slug":65,"label":66,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":67,"displayConditions":9,"answers":68,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"807b7a35-6883-47f6-8a6c-f82679a42e70","the-processor-keeps-a-record-of-processing-activities-for-the-services-entrusted-to-it","The processor keeps a record of processing activities for the services entrusted to it",[],[69,72,75],{"id":70,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":71},"53b6b1a3-b695-4277-813a-21eacbff99cb",[],{"id":73,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":74},"6be4bcf1-8938-48a2-b0a1-d076d080d3f2",[],{"id":76,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":77},"efcc6950-445a-4c0b-8ea6-82c9624a0e85",[],{"id":79,"slug":80,"label":81,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":82,"displayConditions":9,"answers":83,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"c47d9df5-7407-4001-8688-ce24edc9c754","the-subcontractor-has-defined-and-is-implementing-a-plan-to-raise-employee-awareness-of-the-gdpr-regulations","The processor  has defined and is implementing a plan to raise employee awareness of the GDPR regulations",[],[84,87,90],{"id":85,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":86},"f5a5d42f-dd45-4f45-b2d3-5d53b5d322bb",[],{"id":88,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":89},"b77bc76e-9833-49ce-a622-337f87bd9372",[],{"id":91,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":92},"4607e711-eb80-42a7-be93-2a59d3c64895",[],{"id":94,"slug":95,"label":96,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":97,"displayConditions":9,"answers":98,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"c33563dc-8445-4b52-966d-6f52daeff679","the-subcontractor-has-already-provided-a-compliance-audit-relative-to-personal-data-exploited-within-the-framework-of-awarded-services","The processor has already carried out a compliance audit of the personal data used for the services entrusted to it.",[],[99,102,105],{"id":100,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":101},"c0a1e1ca-3f07-4bf3-b7aa-3f2553857831",[],{"id":103,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":104},"8ff21edd-3700-48a1-9e4d-82241a85db5e",[],{"id":106,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":107},"ad7aa340-4790-4a81-884d-4f10af1b0c27",[],{"id":109,"slug":110,"label":111,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":112,"displayConditions":9,"answers":113,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"0500d9f6-5122-4245-8f80-0e91ca9a7bba","a-risk-analysis-privacy-impact-assessment-as-defined-in-the-gdpr-has-been-carried-out-on-the-services-entrusted-from-the-point-of-view-of-the-protection-of-personal-data","A risk analysis (privacy impact assessment as defined in the GDPR) has been carried out on the services entrusted from the point of view of the protection of personal data",[],[114,117,120],{"id":115,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":116},"df794dd2-7aa5-4fd4-912a-c35fdb46648c",[],{"id":118,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":119},"27a44815-8baf-4357-a53a-0a06742bd2f2",[],{"id":121,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":122},"7c4fa836-8d8a-4eea-9029-585ede77d232",[],{"id":124,"slug":125,"label":126,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":127,"displayConditions":9,"answers":128,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"b8dc7940-c297-4188-a2cc-2cf1b42640db","the-subcontractor-has-defined-and-formalised-data-protection-procedures-exercise-of-personal-rights-data-breaches-privacy-by-design-default-etc","The processor has defined and formalised data protection procedures: exercise of personal rights, data breaches, privacy by design / default, etc.",[],[129,132,135],{"id":130,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":131},"81fd91fd-9930-492e-8245-6bdc3987c9ea",[],{"id":133,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":134},"92103379-a759-44a1-b63f-959cbfa39729",[],{"id":136,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":9,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":137},"da5b2fee-fbd8-4913-9fd7-9846350e1738",[],[],{"id":140,"slug":141,"label":142,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":143,"questions":144,"sections":186},"06cc19d0-9526-4003-a03e-560544fde2e9","documentation-1-2-3","Documentation","\u003Cp>Processor documents and/or certificates section.\u003C/p>",[145],{"id":146,"slug":147,"label":148,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":149,"typeIndex":150,"typeColor":9,"typeIcon":9,"typeText":151,"dynamicSelectType":9,"editableOptions":31,"complianceRules":152,"displayConditions":9,"answers":153,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"8e69dfab-8d04-423c-8583-d4b6f770919b","what-documents-andor-certificates-does-the-subcontractor-have-that-can-prove-or-explain-the-measures-implemented-if-applicable","What documents and/or certificates does the processor have that can prove or explain the measures implemented (if applicable)?","Tags",11,"Tags select",[],[154,158,162,166,170,174,178,182],{"id":155,"color":9,"rangeValue":9,"label":156,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":157},"85355570-0802-4811-9b72-6be9acde309c","ISO 27001 certificate",[],{"id":159,"color":9,"rangeValue":9,"label":160,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":161},"4f51e6e9-f67f-46a3-a6dc-792b34dfc674","ISO 22301 certificate",[],{"id":163,"color":9,"rangeValue":9,"label":164,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":165},"3d69fdd9-5a97-4a19-8b07-0162b60c980b","PCI-DSS Certificate",[],{"id":167,"color":9,"rangeValue":9,"label":168,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":169},"95e5ecd6-2f5d-4a43-a632-df4fa28d7258","Binding Corporate Rules (BCR)",[],{"id":171,"color":9,"rangeValue":9,"label":172,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":173},"56c3761f-af86-43b0-a111-5195875a6a97","Safety Concept",[],{"id":175,"color":9,"rangeValue":9,"label":176,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":177},"e5261b70-1bed-4569-ab34-e1b83a9ead92","GDPR Certification (Art. 42 GDPR)",[],{"id":179,"color":9,"rangeValue":9,"label":180,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":181},"f3e335c0-270a-45d3-8165-71093aab230c","Certificat TISAX",[],{"id":183,"color":9,"rangeValue":9,"label":184,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":185},"2eff81f1-5c6f-4b5e-b927-346c4d4e05aa","ISAE 3402 Certificate",[],[],{"id":188,"slug":189,"label":190,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":191,"sections":192},"99320a9a-0138-42ef-8f7e-78d4ffa12bf7","security","Security",[],[193,295],{"id":194,"slug":195,"label":196,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":197,"questions":198,"sections":294},"f78db345-6876-43b0-becb-a1d7fed07af1","acces-aux-locaux-et-aux-installations-aux-systemes-informatiques-1","Access to premises, facilities and IT systems","\u003Cp>Section relating to access to the processor's premises, facilities and IT systems.\u003C/p>",[199,216,232,248,263,278],{"id":200,"slug":201,"label":202,"tooltipHtml":203,"descriptionHtml":204,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":205,"displayConditions":9,"answers":206,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"08756d39-8dfa-480e-bae6-8e814f42c6d3","the-subcontractor-has-taken-appropriate-technical-and-organisational-measures-compliant-with-the-state-of-the-world-which-allow-control-access-to-locations-and-to-facilities-or-the-data-a-character-personnel-are-processed-notably-to-verify-authorisation-","The processor has taken appropriate state-of-the-art technical and organisational measures to control access to the premises and facilities where personal data is processed, in particular to verify authorisation.","\u003Cp>\u003Cstrong>\u003Cem>Example: \u003C/em>\u003C/strong>\u003Cem>access control system (ID reader, magnetic card, smart card), (Handing out) keys, Locking doors (electrically opening doors, etc.), Security staff, guards, Surveillance facilities (alarm system, video / CCTV), Data centre access connection, Regular review of permanent access authorisations\u003C/em>\u003C/p>.","\u003Cp>\u003C/p>",[],[207,210,213],{"id":208,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":209},"0820a6b8-19ba-40d4-b06b-bec049e056ea",[],{"id":211,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":212},"68cdc688-d984-4ea8-9416-65e8a40d2068",[],{"id":214,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":215},"6a55011c-425a-4791-aed3-66f83f1cbf3f",[],{"id":217,"slug":218,"label":219,"tooltipHtml":220,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":221,"displayConditions":9,"answers":222,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"8825bafe-3622-4a62-99fe-d1c3376ca78e","the-sub-contractor-has-taken-technical-and-organisational-measures-identification-and-authentication-of-users-to-limit-access-to-computer-systems-to-only-the-persons-affected-by-the-use-of-personal-data-for-the-confirmed-service","The processor has taken technical and organisational measures to identify and authenticate the user in order to limit access to IT systems to only those persons concerned by the use of personal data for the service entrusted","\u003Cp>\u003Cstrong>\u003Cem>Examples: \u003C/em>\u003C/strong>\u003Cem>password procedures (including special characters, minimum length, regular password change), automatic blocking (e.g. password or shutdown), creation of a master folder per user, encryption of data media\u003C/em>\u003C/p>",[],[223,226,229],{"id":224,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":225},"d99eae5b-f0ae-4807-baf0-5025bff850b2",[],{"id":227,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":228},"b56d586f-be02-41ee-ba30-29e37038b4f9",[],{"id":230,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":231},"260de6b3-353c-4473-a6af-b463866375d7",[],{"id":233,"slug":234,"label":235,"tooltipHtml":236,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":237,"displayConditions":9,"answers":238,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"9b91e8e9-f218-4fc3-a06a-c32e2ae0fcf6","the-subcontractor-has-taken-appropriate-measures-to-control-access-management-on-dedicated-platformssoftware-tools","The processor has taken appropriate measures to control access management on dedicated platforms/software tools","\u003Cp>\u003Cstrong>\u003Cem>Examples: \u003C/em>\u003C/strong>\u003Cem>Differentiated access rights (profiles, roles, transactions and objects), Reports, Associated rights (modification, deletion), absence of account sharing\u003C/em>\u003C/p>",[],[239,242,245],{"id":240,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":241},"2a3ab602-0f0a-42cf-83de-465d6cabc49d",[],{"id":243,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":244},"91b02ec7-5dd7-4a75-8b9d-5609675baa7f",[],{"id":246,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":247},"203b34c3-fa00-46ac-b715-fdca7f0d96bf",[],{"id":249,"slug":250,"label":251,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":252,"displayConditions":9,"answers":253,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"4d36f988-b8bd-413f-8b73-cfc7e4b1fdad","the-sub-contractor-does-a-regular-assessment-of-technical-and-organisational-measures-intended-to-control-lacces-to-personal-data-by-example-test-of-penetration","The processor regularly assesses the technical and organisational measures designed to control access to personal data (e.g. penetration test)",[],[254,257,260],{"id":255,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":256},"f3d3e07e-8a51-4d95-8460-7ef348ae5cea",[],{"id":258,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":259},"64c23fc7-9ede-474e-b070-4e1da5411794",[],{"id":261,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":262},"b311a796-ed17-4c81-91ce-6601ec7820b9",[],{"id":264,"slug":265,"label":266,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":267,"displayConditions":9,"answers":268,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"cd985b6a-590d-4fb0-95ad-9245d8241f78","the-subcontractor-has-implemented-a-safety-incident-management-procedure","The processor has implemented a security incident management procedure",[],[269,272,275],{"id":270,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":271},"d2876c52-d9b5-44b7-8dab-7ee030f81913",[],{"id":273,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":274},"11a4ddf3-99dc-4d93-a9f8-ea68c583c239",[],{"id":276,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":277},"facdb1c9-2df7-4453-a69f-50cbab282d29",[],{"id":279,"slug":280,"label":281,"tooltipHtml":282,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":283,"displayConditions":9,"answers":284,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"60de4d78-3b2d-4cf5-8050-2117fff26a07","the-sub-contractor-takes-measures-to-prevent-unauthorised-loss-or-disclosure-during-electronic-transfer-of-transport-of-data-control-of-communication-transmission-or-storage-of-data-on-manual-or-electronic-data-media-and-thereby-prevent-unauthorised-disclosure-risks","The processor takes measures to prevent loss, alteration or unauthorised disclosure during electronic transfer, data transport, transmission control, communication or storage of data on data media (manual or electronic), etc, and thus to control the risks of unauthorised disclosure","\u003Cp>\u003Cstrong>\u003Cem>Examples:\u003C/em>\u003C/strong>\u003Cem> Encryption /canalisation (VPN=Virtual Private Network), Electronic signature, Connection, Transport security\u003C/em>\u003C/p>",[],[285,288,291],{"id":286,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":287},"2f5785d9-3207-4a86-9c74-0112600a1418",[],{"id":289,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":290},"86cb4b42-f39c-4a31-a519-b218c74869fb",[],{"id":292,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":293},"751ea21b-ebf7-4693-9616-90d4db790a54",[],[],{"id":296,"slug":297,"label":298,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":299,"questions":300,"sections":347},"ba5a8366-77f4-42a0-8846-0bc6eb6ba456","hebergement-et-stockage-des-donnees-personnelles-1","Hosting and storage of personal data","\u003Cp>Section relating to the hosting and storage by the processor of personal data.\u003C/p>",[301,317,332],{"id":302,"slug":303,"label":304,"tooltipHtml":305,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":306,"displayConditions":9,"answers":307,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"858c1235-5ecb-44ae-acf6-f0677bbc2edf","the-subcontractor-has-taken-appropriate-measures-to-protect-itself-against-destruction-or-accidental-loss-of-data-a-character-personal-principle-of-availability","The processor has taken appropriate steps to protect against the accidental destruction or loss of personal data (principle of availability)","\u003Cp>\u003Cstrong>\u003Cem>Examples:\u003C/em>\u003C/strong>\u003Cem>backup procedures/resilience of IT systems, integrity of IT system, mirroring of hard disks, e.g. by RAID technology, permanent maintenance of power supply (UPS), remote storage (of backups?), firewall / antivirus systems, emergency recovery plan\u003C/em>\u003C/p>",[],[308,311,314],{"id":309,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":310},"2fa78a09-a0bb-4bd9-b559-954e8593f348",[],{"id":312,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":313},"31a836d7-4096-462c-8c28-ba8af4e1f91e",[],{"id":315,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":316},"c9ee52bd-ae5f-48fb-a0da-203990c68d9a",[],{"id":318,"slug":319,"label":320,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":321,"displayConditions":9,"answers":322,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"0776d7ee-d54e-4875-9cde-916e32990e39","the-processor-shall-delete-or-return-personal-data-in-accordance-with-the-documented-instructions-received-from-the-customer-failing-this-it-has-defined-and-implemented-an-internal-data-retention-policy-that-complies-with-the-requirements-of-the-gdpr","The processor shall delete or return personal data in accordance with the documented instructions received from the Customer. Failing this, it has defined and implemented an internal data retention policy that complies with the requirements of the GDPR.",[],[323,326,329],{"id":324,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":325},"e11706f3-c1a4-48e0-bb74-ca8f91e97d09",[],{"id":327,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":328},"5b6a5c71-474a-4aae-bdcb-4c2645c7bddd",[],{"id":330,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":331},"f3206b95-72df-4966-bd0b-016e0255825e",[],{"id":333,"slug":334,"label":335,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":336,"displayConditions":9,"answers":337,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"47d082ca-efeb-4928-8ac0-c156b25ffeff","unless-expressly-authorised-in-the-contract-the-data-entrusted-by-the-customer-to-the-processor-for-processing-is-hosted-and-used-within-the-eu","Unless expressly authorised in the contract, the data entrusted by the Customer to the processor for processing is hosted and used within the EU",[],[338,341,344],{"id":339,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":340},"98190edd-4822-4473-a28f-20a022c4a37f",[],{"id":342,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":343},"21dae29a-f798-4411-a475-f1e4cc46ad31",[],{"id":345,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":346},"005a1308-9fea-4999-b14d-bc44415eb52d",[],[],{"id":349,"slug":350,"label":351,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":352,"sections":353},"8910e099-0074-46a2-a558-dea1473c4c05","contract","Contrat",[],[354,414,483],{"id":355,"slug":356,"label":357,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":358,"questions":359,"sections":413},"1e8c1ed8-cb73-4797-bb03-bd217f32cd49","subcontract","Contract","\u003Cp>Section on contracts between the controller and the processor\u003C/p>",[360,386],{"id":361,"slug":362,"label":363,"tooltipHtml":9,"descriptionHtml":364,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":365,"displayConditions":9,"answers":366,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"1f909de6-3d12-4760-b243-29ab12d65e3c","have-you-passed-a-contract-with-your-sub-contractor-","Have you signed a contract with the processor?","\u003Cp>The relationship between a controller and a processor must be governed by a contract in accordance with Article 28 of the GDPR.\u003C/p>",[],[367,370,383],{"id":368,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":369},"82b068f0-c856-4840-9346-a023d9a2795f",[],{"id":371,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":372,"impactIndex":373,"impactColor":374,"impactIcon":9,"impactText":375,"probability":372,"probabilityIndex":373,"probabilityColor":374,"probabilityIcon":9,"probabilityText":375,"taskSuggestions":376},"0efb9b9c-115f-4c71-8baf-69b532522423","VeryHigh",5,"var(--bs-danger)","Extreme",[377],{"id":378,"label":379,"userId":9,"color":9,"description":380,"priority":381,"priorityIndex":11,"priorityColor":382,"priorityIcon":9,"priorityText":381},"e665217b-0920-4266-a3eb-ee4fb9252185","Sign a contract","","High","#DC3545",{"id":384,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":385},"2eebd82b-a4a5-4a24-89b3-a8a2ac8652df",[],{"id":387,"slug":388,"label":389,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":390,"displayConditions":391,"answers":399,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"e2467111-59f7-4c20-b475-774c1bc48db1","does-this-contract-include-a-section-on-the-protection-of-personal-data","Does this contract include a section on the protection of personal data? ",[],{"id":392,"separator":393,"field":9,"operator":394,"value":9,"rules":395},"efed83db-13db-488a-a829-9ae169bc88fc","And","equal",[396],{"id":397,"separator":9,"field":361,"operator":394,"value":368,"rules":398},"cf8a4b1e-1296-424f-adc9-2759516ba622",[],[400,407,410],{"id":401,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":402,"impactIndex":11,"impactColor":403,"impactIcon":9,"impactText":404,"probability":402,"probabilityIndex":11,"probabilityColor":403,"probabilityIcon":9,"probabilityText":405,"taskSuggestions":406},"85fd67e5-a450-4f1a-b1de-63ed4ce1f2d4","VeryLow","var(--bs-success)","Negligible","Remote",[],{"id":408,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":372,"impactIndex":373,"impactColor":374,"impactIcon":9,"impactText":375,"probability":372,"probabilityIndex":373,"probabilityColor":374,"probabilityIcon":9,"probabilityText":375,"taskSuggestions":409},"3b9a7fae-67a0-40b5-84ce-412b2b569049",[],{"id":411,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":412},"b14e9050-5c50-4314-b4db-1be6cfc2ec68",[],[],{"id":415,"slug":416,"label":417,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":418,"questions":419,"sections":482},"a0876b61-e4cc-40c4-9ff6-522361dd1c55","conformite-de-mise-en-oeuvre-des-activites-de-traitement-1","Compliance of implementation of processing activities","\u003Cp>Processor's processing activities implementation compliance section.\u003C/p>",[420,435,450,466],{"id":421,"slug":422,"label":423,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":424,"displayConditions":9,"answers":425,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"df63318d-25fa-492c-a9e6-37c0569798fb","the-subcontractor-has-in-place-verification-measures-ulterating-the-entry-of-the-modification-or-the-deletion-of-data-and-of-the-person-y-who-has-proceded-journalisation-of-acces-and-reporting","The processor has implemented measures for subsequent verification of the entry, modification or deletion of data, and of the person who carried it out (logging of access and reporting).",[],[426,429,432],{"id":427,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":428},"cd0bbc1c-a981-4a5f-838a-a1ffdbf74b9d",[],{"id":430,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":431},"48f27438-5c98-4600-94c2-e1201875b6c7",[],{"id":433,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":434},"9d769068-8d48-45fd-9e35-13c777e353e1",[],{"id":436,"slug":437,"label":438,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":439,"displayConditions":9,"answers":440,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"f11429b6-d223-4d90-af00-5162e2b03c2a","the-subcontractor-regularly-informs-his-client-of-the-proper-execution-of-the-contract-for-the-services-which-him-have-been-awarded-in-compliance-with-the-documented-instructions","The processor regularly informs its Customer of the proper performance of the Contract for the services entrusted to it (compliance with the documented instructions).",[],[441,444,447],{"id":442,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":443},"2d2f8fe8-563c-45b1-b2c4-f616bb95dba6",[],{"id":445,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":446},"5a107061-fed5-469d-bac1-1477ad3bef05",[],{"id":448,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":449},"62da93b0-06c7-41de-bace-acd82ed7d74d",[],{"id":451,"slug":452,"label":453,"tooltipHtml":454,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":455,"displayConditions":9,"answers":456,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"121a3d3e-e121-496c-908c-f5414c3bb29f","the-sub-contractor-respects-the-disolation-principles-of-treatments-for-different-finalities-and-has-implemented-appropriate-provisions","The processor complies with the principles of isolation of processing for different purposes and has put in place appropriate measures","\u003Cp>\u003Cstrong>\u003Cem>Example:\u003C/em>\u003C/strong>\u003Cem> sandboxes for development activities, separation of activities in the organisation of rights, ...\u003C/em>\u003C/p>",[],[457,460,463],{"id":458,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":459},"38ce39cf-01db-4772-9883-390109721ccc",[],{"id":461,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":462},"c39357c7-69f2-4489-943b-d132e905188c",[],{"id":464,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":465},"43f434f1-44ab-46c0-ad73-6d311dbf2077",[],{"id":467,"slug":468,"label":469,"tooltipHtml":470,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":471,"displayConditions":9,"answers":472,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"aea39d6f-c468-4219-b5e4-f39000f05650","the-processor-has-put-in-place-measures-to-enable-data-to-be-processed-separately-stored-modified-deleted-transmitted-for-different-purposes","The processor has put in place measures to enable data to be processed separately (stored, modified, deleted, transmitted) for different purposes","\u003Cp>\u003Cstrong>\u003Cem>Example: \u003C/em>\u003C/strong>\u003Cem>internal client concept/usage limitation, separation of functions in the organisation for development/testing/production\u003C/em>\u003C/p>",[],[473,476,479],{"id":474,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":475},"7fd1b612-18cb-4e17-b7e6-ce4b51f5ae1f",[],{"id":477,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":478},"693737a1-f6ba-4a88-995c-4d086d8d1650",[],{"id":480,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":481},"41aa01f0-586e-4ff8-9b72-8c4196e48b38",[],[],{"id":484,"slug":485,"label":486,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":487,"questions":488,"sections":549},"011ed9eb-4620-4e69-ba5f-28bc997c51eb","sous-traitance-ulterieure-1-2-3-4","Subsequent subcontracting","\u003Cp>Processor subsequent subcontracting section.\u003C/p>",[489,504,519,534],{"id":490,"slug":491,"label":492,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":493,"displayConditions":9,"answers":494,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"89d2ab80-1423-4272-a4a5-b191a2bf822d","the-relations-with-subcontractors-ulterators-were-the-subject-of-a-contract-","Relationships with any subsequent processors are governed by a contract",[],[495,498,501],{"id":496,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":497},"6b04d39a-bbd9-4388-99d5-ccb8a6153be1",[],{"id":499,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":500},"df8c1a5c-d77e-4a4c-bc71-dfa15212c2e9",[],{"id":502,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":503},"3a5872e1-93cf-4f1c-8315-70afadf2be5a",[],{"id":505,"slug":506,"label":507,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":508,"displayConditions":9,"answers":509,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"e9dba852-0b9e-46a3-9307-82cc18947ae9","if-yes-these-contracts-take-into-account-the-gdpr-requirements","If yes, these contracts take into account the GDPR requirements",[],[510,513,516],{"id":511,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":512},"2242b7ce-de16-4d22-b2f3-ef0a78018d25",[],{"id":514,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":515},"0209b120-b8e6-43ec-8ae4-58b91d67b485",[],{"id":517,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":518},"7a081dcc-ef30-4ca3-82e8-4e31ae585f8b",[],{"id":520,"slug":521,"label":522,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":523,"displayConditions":9,"answers":524,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"2ed0f049-580b-4e66-9a35-e84763ae26a4","any-transfers-of-data-outside-the-eu-are-governed-by-standard-clauses-or-other-guarantees-provided-for-in-the-gdpr","Any transfers of data outside the EU are governed by standard clauses or other guarantees provided for in the GDPR.",[],[525,528,531],{"id":526,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":527},"320ec324-14df-4736-89d1-e3b9b2c0c6e0",[],{"id":529,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":530},"c0fa6866-a122-41c8-8d71-07209d757e49",[],{"id":532,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":533},"080fa0fc-b330-41ef-bd98-fdad5cacae96",[],{"id":535,"slug":536,"label":537,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":28,"typeIndex":29,"typeColor":9,"typeIcon":9,"typeText":30,"dynamicSelectType":9,"editableOptions":31,"complianceRules":538,"displayConditions":9,"answers":539,"listQuestions":9,"required":31,"requiredJustification":31,"suggestTask":31,"riskEnabled":47,"native":31},"2f3d2f08-af13-4920-8d63-1b28dbf99d1c","the-processor-has-ensured-that-subsequent-processors-have-taken-the-organisational-and-technical-measures-necessary-to-provide-sufficient-guarantees-for-the-protection-of-personal-data","The processor has ensured that subsequent processors have taken the organisational and technical measures necessary to provide sufficient guarantees for the protection of personal data.",[],[540,543,546],{"id":541,"color":9,"rangeValue":9,"label":36,"slug":9,"description":9,"score":37,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":542},"9aa8d5a4-34e6-42f4-a5c0-00fbcc7796e7",[],{"id":544,"color":9,"rangeValue":9,"label":41,"slug":9,"description":9,"score":20,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":545},"b8c5ed79-5511-4558-b184-37fac1928b3a",[],{"id":547,"color":9,"rangeValue":9,"label":45,"slug":9,"description":9,"score":11,"nonApplicable":31,"tooltip":9,"goodAnswer":31,"redFlag":31,"impact":9,"probability":9,"taskSuggestions":548},"74f0d523-db6f-4925-b3d2-9559828ef46b",[],[],[],"03734ff2-0f14-4bd7-45bb-08dc1448fc0c","1.0","Processor GDPR Assessment (simple)","k0IdxL3EnnfgySu3wDT7PQFVOAB4WcY77II4yuv0Z6sCfFqfy0FUcBVxPZcp",4,"https://static.dastra.eu/tenant-3/audit/qXwNvmofHDzQRO/icon-audit500x-150-150.png","Simple assessment of the measures implemented by a processor to meet GDPR requirements.","2024-01-13T15:04:47.862596","2026-04-09T15:30:55.1458285","Vendor",3,"Third party assessment",{"id":564,"displayName":565,"familyName":566,"givenName":567,"email":568,"active":47,"color":569,"avatarUrl":570,"tenantId":20},38,"Paul-Emmanuel Bidault","Bidault","Paul-Emmanuel","paulemmanuel.bidault@dastra.eu","#FA4115","https://static.dastra.eu/tenant-27/avatar/38/paul-emmanuel-bidault-150.jpg","Actor","ds-icon-actor","Stakeholders",[575],{"id":564,"displayName":565,"familyName":566,"givenName":567,"email":568,"active":47,"color":569,"avatarUrl":570,"tenantId":20},[577],{"id":578,"label":579,"type":580,"typeIndex":581,"typeColor":582,"typeIcon":583,"typeText":584,"color":585},"0e3edde6-fe96-4b8e-8572-e8b4a7063dba","GDPR","AuditTemplate",9,"#83d162","ds-icon-audit","Questionnaire template","#F479D9",27]