[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f1_0xYy8mBzhp-raXOhl2kcL8VAnJh2wO0oMnfbJTBfs":3},{"sections":4,"resultAnalysis":1091,"id":1139,"version":1140,"newVersion":21,"label":1141,"isPinned":29,"isShared":29,"sharingToken":1142,"isRevision":21,"isBlockAnalysisShared":29,"nbReferences":1129,"referenceId":9,"nbResponses":11,"parentId":9,"revisionDescription":9,"logoUrl":1143,"description":1144,"scheduleIntervalDays":9,"versionNumber":28,"dateCreation":1145,"dateUpdate":1146,"dateArchived":9,"archived":21,"type":1147,"typeIndex":1148,"typeColor":9,"typeIcon":9,"typeText":1149,"creator":1150,"objectType":9,"defaultOwners":1158,"tags":1167,"privacyHubs":9,"nbQuestions":1177,"nbQuestionsRequired":1177,"nbDatas":11,"deadLineDays":9},[5,257,507,653,883],{"id":6,"slug":7,"label":8,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":13,"sections":256},"0d10dc9b-0b1e-4635-a07c-5a6d47c8b6cd","initial","GDPR to be in compliance",null,"Default",0,"SectionType_Default",[14,35,49,67,79,91,116,128,140,152,164,176,190,212,234],{"id":15,"slug":16,"label":17,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":22,"displayConditions":9,"answers":23,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"f5974ac7-e06b-46cb-b123-dee1efe0bffe","1-the-right-to-portability-exists-only-for-processing-operations-based-on-a-contract-or-the-consent-of-the-data-subjects","1.1. The right to portability exists only for processing operations based on a contract or the consent of the data subjects.","Radio",7,"Unique choice list",false,[],[24,31],{"id":25,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":30},"4969926c-a350-4b69-ba18-60ae86116f83","#ffffff","True",1,true,[],{"id":32,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":34},"262ec45e-d826-496c-a570-b77a733c8650","False",[],{"id":36,"slug":37,"label":38,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":39,"displayConditions":9,"answers":40,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"1d74c05f-466c-4675-bd74-b9dfb8c1c382","1-2-is-the-clocking-file-of-a-communitys-officers-schedules-a-data-processing-operation-submitted-to-the-gdpr","1.2. Is the clocking file of a community's officers' schedules a data processing operation submitted to the GDPR?",[],[41,45],{"id":42,"color":26,"rangeValue":9,"label":43,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":44},"4782a3fc-26d1-4cbb-80fc-50bf76676d2c","Yes",[],{"id":46,"color":26,"rangeValue":9,"label":47,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":48},"183535ea-3f57-4acd-8dda-719209c2f23d","No",[],{"id":50,"slug":51,"label":52,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":53,"displayConditions":9,"answers":54,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"56a6a079-00d4-45c2-a132-6fd75bf4fa8e","1-3-who-is-the-data-controller-for-the-management-of-the-employees-personnel-file","1.3. Who is the data controller for the management of the employee's personnel file?",[],[55,59,63],{"id":56,"color":26,"rangeValue":9,"label":57,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":58},"eda7a6b2-a561-4eb4-b993-69b2b13294e1","The human resources manager",[],{"id":60,"color":26,"rangeValue":9,"label":61,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":62},"1273488d-2eee-4c73-b664-600528bb2f6e","The manager",[],{"id":64,"color":26,"rangeValue":9,"label":65,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":66},"0bfc95ac-c448-4e3c-ace7-acf1c7da7dac","The company",[],{"id":68,"slug":69,"label":70,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":71,"displayConditions":9,"answers":72,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"a4f17730-bc0b-4de7-b20e-a3f1d88eacc7","1-4-with-regard-to-processing-operations-date-processors-must-adhere-to-the-instructions-given-by-the-data-controller-in-documented-form","1.4. With regard to processing operations, date processors must adhere to the instructions given by the data controller in documented form.",[],[73,76],{"id":74,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":75},"9dfb68ff-5ba0-417a-ae42-0f3defad56a6",[],{"id":77,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":78},"6a905999-4068-4207-8c8d-eee41227641e",[],{"id":80,"slug":81,"label":82,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":83,"displayConditions":9,"answers":84,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"ee1f417c-bdc7-48c6-9bb9-3ebf59c6099a","1-5-companies-that-have-signed-up-to-codes-of-conduct-are-obliged-to-apply-them","1.5. Companies that have signed up to codes of conduct are obliged to apply them.",[],[85,88],{"id":86,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":87},"9a561210-c964-46a3-919f-c12ad27e4d4d",[],{"id":89,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":90},"58b30785-15f5-43ef-be5a-7acf814fa3c3",[],{"id":92,"slug":93,"label":94,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":98,"displayConditions":9,"answers":99,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"4182ad1f-e617-4ec8-acea-5949a9b6b07b","1-6-which-of-these-organizations-are-subject-to-the-gdpr","1.6. Which of these organizations are subject to the GDPR?","Checkbox",8,"Multi choice list",[],[100,104,108,112],{"id":101,"color":26,"rangeValue":9,"label":102,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":103},"8db82e9b-5acb-403a-ac75-95f1c4d3cd03","A body established in the European Union which processes data of people who are in the territory of the EU",[],{"id":105,"color":26,"rangeValue":9,"label":106,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":107},"2a880113-3308-415f-a9ef-dc76df46c27a","A body established in the EU which processes personal data",[],{"id":109,"color":26,"rangeValue":9,"label":110,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":111},"97e6e5fa-7da4-4ce4-82cd-4dbd82699283","A body established outside the EU which offers goods or services to people within the EU",[],{"id":113,"color":26,"rangeValue":9,"label":114,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":115},"0d1b4524-08c7-42e6-8ae3-d23feddb7261","A body established outside the EU that only processes personal data of people outside the EU",[],{"id":117,"slug":118,"label":119,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":120,"displayConditions":9,"answers":121,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"d7c94ebd-8df1-488b-9500-ad567ac8f6fa","1-7-certification-is-mandatory-for-organizations-subject-to-the-gdpr","1.7. Certification is mandatory for organizations subject to the GDPR",[],[122,125],{"id":123,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":124},"3fb1c3e7-ad14-49dd-8e39-aa2748e2345b",[],{"id":126,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":127},"9991a6d3-9fb3-4f87-b7bc-007278311f3c",[],{"id":129,"slug":130,"label":131,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":132,"displayConditions":9,"answers":133,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"78aecd61-3b2e-4d50-9373-ee2112dd7082","1-8-a-company-has-a-file-of-its-suppliers-with-contact-e-mail-addresses-the-rgpd-does-not-apply-to-this-file-because-this-information-is-collected-in-a-professional-context","1.8. A company has a file of its suppliers with contact e-mail addresses. The GDPR does not apply to this file because this information is collected in a professional context.",[],[134,137],{"id":135,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":136},"a21229ae-7d6d-469f-b3ba-aa16ca53c066",[],{"id":138,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":139},"7586d996-2e7e-4493-863f-91b2515d5763",[],{"id":141,"slug":142,"label":143,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":144,"displayConditions":9,"answers":145,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"98b81f6f-3f87-4ba2-ae57-1399f0dda4eb","1-9-julie-is-randomly-interviewed-on-the-street-by-a-polling-organization-she-is-asked-a-total-of-3-questions-do-you-watch-television-do-you-watch-it-every-day-how-much-time-per-day-the-polling-company-does-not-collect-any-additional-information-is-it-an-anonymous-survey","1.9. Julie is randomly interviewed on the street by a polling organization. She is asked a total of 3 questions: Do you watch television? Do you watch it every day? How much time per day? The polling company does not collect any additional information. Is it an anonymous survey?",[],[146,149],{"id":147,"color":26,"rangeValue":9,"label":43,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":148},"3a8fe626-f475-4278-b3fe-aeaaeba38758",[],{"id":150,"color":26,"rangeValue":9,"label":47,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":151},"f38b9e4d-0250-40cb-b174-09f121d52dcf",[],{"id":153,"slug":154,"label":155,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":156,"displayConditions":9,"answers":157,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"061dd19f-cd7a-43a0-a3fc-4291627b7b42","1-10-an-organisation-may-be-both-data-controller-and-data-processor","1.10. An organisation may be both data controller and data processor.",[],[158,161],{"id":159,"color":26,"rangeValue":9,"label":43,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":160},"37423c39-ffc7-461b-a3d0-d0ff2b3ee46c",[],{"id":162,"color":26,"rangeValue":9,"label":47,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":163},"8ca96ac9-506a-437f-9dbd-45c5fb419862",[],{"id":165,"slug":166,"label":167,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":168,"displayConditions":9,"answers":169,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"c7ee5763-9d47-4eb5-acb0-2f2b021a023c","1-11-you-fill-out-an-information-sheet-about-your-employees-each-sheet-is-filed-in-alphabetical-order-in-a-dedicated-folder-does-the-gdpr-apply","1.11. You fill out an information sheet about your employees. Each sheet is filed in alphabetical order in a dedicated folder. Does the GDPR apply?",[],[170,173],{"id":171,"color":26,"rangeValue":9,"label":43,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":172},"f2172b8b-3047-4c4e-bf04-a4b570c70455",[],{"id":174,"color":26,"rangeValue":9,"label":47,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":175},"fa89dd2b-5830-4ba5-a15f-9e476b057174",[],{"id":177,"slug":178,"label":179,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":180,"displayConditions":9,"answers":181,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"89196447-a960-47d2-a027-ff15f2bfdc0b","1-12-the-data-controller-of-an-online-sales-site-is-","1.12. The data controller of an online sales site is:",[],[182,186],{"id":183,"color":26,"rangeValue":9,"label":184,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":185},"83ac40dc-2cbf-4d2e-b734-f1c0b154939c","The organization that initiated the creation of the site",[],{"id":187,"color":26,"rangeValue":9,"label":188,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":189},"dba3eec2-2a9b-459a-92a7-e0a394692800","The organization hosting the site",[],{"id":191,"slug":192,"label":193,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":194,"displayConditions":9,"answers":195,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"46a9df72-17bf-4981-8aac-847952ce6a4e","1-13-in-the-case-of-data-transfers-to-an-unsuitable-country-the-organization-does-not-need-authorization-if-","1.13. In the case of data transfers to an \"unsuitable\" country, the organization does not need authorization if:",[],[196,200,204,208],{"id":197,"color":26,"rangeValue":9,"label":198,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":199},"b12874df-16fe-4e8e-b265-48e72afa9159","It sets up Binding Corporate Rules (BCR)",[],{"id":201,"color":26,"rangeValue":9,"label":202,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":203},"602063b9-8584-490b-9b72-80c75c8380fe","It makes use of the standard contractual clauses (SCTs) adopted by the European Commission",[],{"id":205,"color":26,"rangeValue":9,"label":206,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":207},"bb248189-0956-4411-9996-722e80c59865","It puts in place specific contractual clauses",[],{"id":209,"color":26,"rangeValue":9,"label":210,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":211},"9e1c38de-0c06-447c-8a7e-22c714239692","The person has given consent",[],{"id":213,"slug":214,"label":215,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":216,"displayConditions":9,"answers":217,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"950ec08a-57f0-4a91-8c46-36a1972c9b3b","1-14-which-of-the-following-data-relating-to-a-natural-person-taken-in-isolation-is-considered-as-personal-data","1.14. Which of the following data relating to a natural person, taken in isolation, is considered as \"personal data\"?",[],[218,222,226,230],{"id":219,"color":26,"rangeValue":9,"label":220,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":221},"0e48aa2d-0012-45a4-aebc-960d9c261640","Vehicle registration number",[],{"id":223,"color":26,"rangeValue":9,"label":224,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":225},"8b2e3f1e-c376-4abb-8268-4174df36d564","Photograph",[],{"id":227,"color":26,"rangeValue":9,"label":228,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":229},"45c5fed0-48ad-4785-963a-ed0c1cd6e801","Postal code",[],{"id":231,"color":26,"rangeValue":9,"label":232,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":233},"81a9e056-164d-4217-ab92-825ce3167c3e","Telephone number",[],{"id":235,"slug":236,"label":237,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":238,"displayConditions":9,"answers":239,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"736e06df-7111-466f-8bd5-6fc14fd2046b","1-15-which-of-these-organizations-are-affected-by-the-gdpr","1.15. Which of these organizations are affected by the GDPR?",[],[240,244,248,252],{"id":241,"color":26,"rangeValue":9,"label":242,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":243},"342a17d7-2928-442e-959c-b8427d9ddc3e","A school",[],{"id":245,"color":26,"rangeValue":9,"label":246,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":247},"21ddef93-2db8-4bb1-9727-b983a7fe8097","An association",[],{"id":249,"color":26,"rangeValue":9,"label":250,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":251},"97dad4e2-e1b9-40a2-9e9c-bf1589e8ace6","A self-entrepreneur",[],{"id":253,"color":26,"rangeValue":9,"label":254,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":255},"ac8b057b-3762-444d-93da-1701b069c3f2","A public administration",[],[],{"id":258,"slug":259,"label":260,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":261,"sections":506},"ca83bc34-523d-4508-91e7-53b716f1d38e","identify-security-breaches","Identify security breaches",[262,274,292,304,318,336,354,372,384,414,432,462,480],{"id":263,"slug":264,"label":265,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":266,"displayConditions":9,"answers":267,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"9c908497-cd20-4505-bba4-c09cc1361e3b","2-1-personal-data-that-are-no-longer-in-common-use-by-the-operational-services-concerned-must-necessarily-be-destroyed-or-anonymised-if-they-are-not-of-historical-statistical-or-scientific-interest","2.1. Personal data that are no longer in common use by the operational services concerned must necessarily be destroyed or anonymised if they are not of historical, statistical or scientific interest.",[],[268,271],{"id":269,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":270},"f36b558a-201e-4e6d-ac53-407243d9a7bb",[],{"id":272,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":273},"dcfba1cb-589e-4751-ba5a-5a0f409a0115",[],{"id":275,"slug":276,"label":277,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":278,"displayConditions":9,"answers":279,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"254d5074-6d22-4d35-98d7-3a9d065f9b42","2-2-choose-the-proposal-that-best-describes-a-cyber-attack-","2.2. Choose the proposal that best describes a cyber attack:",[],[280,284,288],{"id":281,"color":26,"rangeValue":9,"label":282,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":283},"a41febb1-95b0-4696-8bf9-70b759a48cb3","Intrusion into Government Computer Systems",[],{"id":285,"color":26,"rangeValue":9,"label":286,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":287},"51e72c24-867e-4337-9469-e0614182e638","Damage to computer systems carried out with malicious intent",[],{"id":289,"color":26,"rangeValue":9,"label":290,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":291},"f0ac0406-b0ba-4fc1-992c-5bedb9a62d28","Receipt of an email announcing an upcoming computer attack",[],{"id":293,"slug":294,"label":295,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":296,"displayConditions":9,"answers":297,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"5f47a0f8-9f91-44bb-98e8-15d579613a9b","2-3-in-the-case-of-subsequent-data-processing-the-main-data-processor-may-be-sanctioned-for-a-fault-committed-by-the-subprocessor-it-has-itself-chosen","2.3. In the case of \"subsequent data processing\", the main data processor may be sanctioned for a fault committed by the subprocessor it has itself chosen.",[],[298,301],{"id":299,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":300},"83e399c2-8531-4b4f-af55-6ef04118fbde",[],{"id":302,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":303},"2ac7bc29-37cf-4118-997d-4bf4ac6a2def",[],{"id":305,"slug":306,"label":307,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":308,"displayConditions":9,"answers":309,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"d3626d07-99cd-401e-bfcb-f74f26340d69","2-4-the-notions-of-privacy-by-default-and-privacy-by-design-must-be-applied-by-","2.4. The notions of \"privacy by default\" and \"privacy by design\" must be applied by:",[],[310,314],{"id":311,"color":26,"rangeValue":9,"label":312,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":313},"02c49716-5323-4707-a729-382dd4f3a46c","Data processors",[],{"id":315,"color":26,"rangeValue":9,"label":316,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":317},"d3f996e0-00b4-4c7f-b46d-8bed467d9dc7","Data controllers",[],{"id":319,"slug":320,"label":321,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":322,"displayConditions":9,"answers":323,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"ae6ce68a-223e-425a-b3ee-9c863a0fd9ff","2-5-the-respect-of-the-obligation-of-security-can-be-appreciated-","2.5. The respect of the obligation of security can be appreciated:",[],[324,328,332],{"id":325,"color":26,"rangeValue":9,"label":326,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":327},"52a37e00-6d5f-4e8a-9964-faac873bcf76","Once and for all; when registering the processing activities of the security measures implemented ",[],{"id":329,"color":26,"rangeValue":9,"label":330,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":331},"873ec8f7-5560-42ea-afe0-a3bc4303b9c6","On an ongoing basis; as technology and fraud techniques develop",[],{"id":333,"color":26,"rangeValue":9,"label":334,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":335},"39c30c8c-52b1-40e5-8d69-c7ffc6d6c5ff","Once a year; on the basis of the annual report of the DPO",[],{"id":337,"slug":338,"label":339,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":340,"displayConditions":9,"answers":341,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"8f10004d-ff61-4b2f-b577-13ccc6a96bae","2-6-the-implementation-of-an-information-systems-security-policy-","2.6. The implementation of an Information Systems Security Policy:",[],[342,346,350],{"id":343,"color":26,"rangeValue":9,"label":344,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":345},"3e6121c5-cb80-4fa0-b902-d16cdb507d8c","Is done under the responsibility of a person in charge of its establishment; evolution and application",[],{"id":347,"color":26,"rangeValue":9,"label":348,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":349},"a1b50fca-f5a1-4878-a022-c5b8536f6edd","Allows you to dispense with the need to carry out risk analyses and PIAs (impact analysis) of personal data processing",[],{"id":351,"color":26,"rangeValue":9,"label":352,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":353},"ece23e7d-3cb6-4c5a-a008-336cb4e38962","Must not be the subject of information of the collaborators in order not to disclose the means implemented",[],{"id":355,"slug":356,"label":357,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":358,"displayConditions":9,"answers":359,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"752285a8-e927-4c03-aa7a-ca5932a8d35b","2-7-the-traces-and-the-trace-access-policy-allows-","2.7. The traces and the trace access policy allows:",[],[360,364,368],{"id":361,"color":26,"rangeValue":9,"label":362,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":363},"f727b48a-06c7-40c2-9f9e-e74ac2b038d5","To monitor employee productivity",[],{"id":365,"color":26,"rangeValue":9,"label":366,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":367},"e3087cd6-ff20-4e45-aa36-78f1d856d199","Monitoring access to the information system only from outside (computer network, internet...)",[],{"id":369,"color":26,"rangeValue":9,"label":370,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":371},"e3b111f4-5c99-401b-9938-d7a072107525","To control the proper functioning and use of the company's IT resources on a permanent basis (traceability of actions; access; intrusions; virus attack; etc.)",[],{"id":373,"slug":374,"label":375,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":376,"displayConditions":9,"answers":377,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"f8fd977a-4c49-479d-a6d3-e2c5cae4149b","2-8-the-obligation-to-ensure-the-security-of-personal-data-requires-the-systematic-encryption-of-personal-data","2.8. The obligation to ensure the security of personal data requires the systematic encryption of personal data.",[],[378,381],{"id":379,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":380},"96fb6d92-e788-4003-b108-7fd6ea4f9a34",[],{"id":382,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":383},"9c40e0de-541f-42e6-b5c3-17825aa05ac7",[],{"id":385,"slug":386,"label":387,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":388,"displayConditions":9,"answers":389,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"1b6ba38f-4a24-4104-a755-a6b48bfc0b9a","2-9-how-to-protect-yourself-from-cyber-attacks","2.9. How to protect yourself from cyber attacks?",[],[390,394,398,402,406,410],{"id":391,"color":26,"rangeValue":9,"label":392,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":393},"8ec75647-3cc5-484b-aaa6-fea1688be5c3","Destroy unsolicited messages without replying",[],{"id":395,"color":26,"rangeValue":9,"label":396,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":397},"b878f58f-765c-4501-b33b-0b648bbb93b1","Use secure passwords",[],{"id":399,"color":26,"rangeValue":9,"label":400,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":401},"fc62632e-caea-4b15-ad74-2ef0a1050e34","Do not execute instructions from an unknown person",[],{"id":403,"color":26,"rangeValue":9,"label":404,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":405},"ad543636-3ad8-400b-90eb-7da5b1805ada","Share your password with your colleagues",[],{"id":407,"color":26,"rangeValue":9,"label":408,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":409},"46d14419-7e9d-40ce-9b32-bb9501750021","Keep your equipment up to date",[],{"id":411,"color":26,"rangeValue":9,"label":412,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":413},"049cfa66-799e-428d-89a7-13d21048fcc3","Do not disseminate personal and/or confidential information on the Internet",[],{"id":415,"slug":416,"label":417,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":418,"displayConditions":9,"answers":419,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"a081c619-eb00-425f-86cf-8a9935229881","2-10-what-is-loss-of-data-integrity","2.10. What is loss of data integrity?",[],[420,424,428],{"id":421,"color":26,"rangeValue":9,"label":422,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":423},"7d3d7641-737f-4be1-814e-fcaf77ef714a","Unauthorized alteration of a data",[],{"id":425,"color":26,"rangeValue":9,"label":426,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":427},"4cba41c6-f775-4c9a-954a-c4eafa7964b3","The unavailability of a data",[],{"id":429,"color":26,"rangeValue":9,"label":430,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":431},"8ec68b3f-71c1-4084-a695-58317b2987c5","Loss of confidentiality of data",[],{"id":433,"slug":434,"label":435,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":436,"displayConditions":9,"answers":437,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"4feff230-d925-4a1f-b95b-616752394592","1-15-what-are-the-objectives-of-hackers-during-cyber-attacks-several-answers-are-possible","2.11. What are the objectives of hackers during cyber attacks? (several answers are possible)",[],[438,442,446,450,454,458],{"id":439,"color":26,"rangeValue":9,"label":440,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":441},"9ccc46bd-ed3c-4010-9d30-9fc90f2b4ede","Espionage",[],{"id":443,"color":26,"rangeValue":9,"label":444,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":445},"c9e7daa9-d62c-4310-a620-17f100af1979","Revenge",[],{"id":447,"color":26,"rangeValue":9,"label":448,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":449},"3e09ab79-3244-4046-b9e5-2497fd2677bd","Destabilization",[],{"id":451,"color":26,"rangeValue":9,"label":452,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":453},"2aa5e522-2f97-4879-8488-d85e51035dc7","Data Resale",[],{"id":455,"color":26,"rangeValue":9,"label":456,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":457},"d5d8291d-2366-4b4b-af82-b7b7934fc7a1","Political or ideological claim",[],{"id":459,"color":26,"rangeValue":9,"label":460,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":461},"840f11b7-06ce-4545-89c0-2c6f2e272a3b","Technical Challenge",[],{"id":463,"slug":464,"label":465,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":466,"displayConditions":9,"answers":467,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"bb2045b3-abd9-42a8-b931-96abc94518c5","2-12-a-breach-of-personal-data-occurs-when-the-data-has-been-subject-to-a-loss-of-","2.12. A breach of personal data occurs when the data has been subject to a loss of:",[],[468,472,476],{"id":469,"color":26,"rangeValue":9,"label":470,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":471},"b2335efe-7640-4036-8207-91774560fe9d","availability",[],{"id":473,"color":26,"rangeValue":9,"label":474,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":475},"c346a871-09a6-4bf5-a634-6cef7ff51b5c","integrity",[],{"id":477,"color":26,"rangeValue":9,"label":478,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":479},"febe7354-58ae-459b-a124-fea83f918dd6","confidentiality",[],{"id":481,"slug":482,"label":483,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":484,"displayConditions":9,"answers":485,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"48310d99-9cfd-4d41-9f63-8f2a1bb613c0","2-13-identify-situations-that-may-affect-the-confidentiality-of-data","2.13. Identify situations that may affect the confidentiality of data.",[],[486,490,494,498,502],{"id":487,"color":26,"rangeValue":9,"label":488,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":489},"f3d09bd7-018a-47d1-acde-a2ab7ffe2e6e","Phone theft",[],{"id":491,"color":26,"rangeValue":9,"label":492,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":493},"6c296a3b-92ab-4e73-a192-aa99224d3281","Conversation espionage",[],{"id":495,"color":26,"rangeValue":9,"label":496,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":497},"fcdd03f7-2ea8-4b8a-b836-82474315d14e","Computer theft",[],{"id":499,"color":26,"rangeValue":9,"label":500,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":501},"f74f8c05-cb33-4a0f-9ea6-716742e755ae","Email recipient error",[],{"id":503,"color":26,"rangeValue":9,"label":504,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":505},"fa804c51-7da7-4564-aafb-9deb221e91af","Modification of data",[],[],{"id":508,"slug":509,"label":510,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":511,"sections":652},"e72e178e-100a-4072-bcf4-c7f788072f17","role-of-the-dpo","Role of the DPO",[512,528,545,563,589,604,616,628,640],{"id":513,"slug":514,"label":515,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":516,"displayConditions":9,"answers":517,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"ea7a9ac0-82a3-4fd4-9004-108d39982e7a","3-1-it-is-mandatory-for-a-public-body-to-designate-a-dpo","3.1. It is mandatory for a public body to designate a DPO.",[],[518,521,524],{"id":519,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":520},"06732043-a332-411a-8e82-a6bdfee36363",[],{"id":522,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":523},"ec91c618-d77a-45bc-82d2-6f81ae68fbf9",[],{"id":525,"color":26,"rangeValue":9,"label":526,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":527},"d699582c-d174-4760-ab35-36bf6eac3deb","It depends",[],{"id":529,"slug":530,"label":531,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":532,"displayConditions":9,"answers":533,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"05981d98-0bb0-4651-906f-7b61069f5fd7","3-2-concerning-relations-with-the-supervisory-authority-tick-the-exact-proposal-","3.2. Concerning relations with the supervisory authority, tick the exact proposal:",[],[534,538,541],{"id":535,"color":26,"rangeValue":9,"label":536,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":537},"beace2a1-00a4-485a-8127-8b2d95617fd7","The DPO acts as a point of contact with the supervisory authority which means that he/she is the person who can refer to the supervisory authority for any consultation following a PIA or other matters that arise for the controller",[],{"id":539,"color":26,"rangeValue":9,"label":536,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":540},"8eaa1da1-6d05-47d2-8326-c27dc8c9be30",[],{"id":542,"color":26,"rangeValue":9,"label":543,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":544},"39e41124-6717-49d2-81ad-566565be9f5a","Any person in the undertaking other than the DPO may refer a matter concerning a processing operation to the supervisory authority provided that he or she informs the DPO",[],{"id":546,"slug":547,"label":548,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":549,"displayConditions":9,"answers":550,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"43487218-79c8-4d84-9d17-e3ecdd59571a","3-3-with-regard-to-internal-control-operations-tick-the-exact-proposal-","3.3. With regard to internal control operations, tick the exact proposal:",[],[551,555,559],{"id":552,"color":26,"rangeValue":9,"label":553,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":554},"07aac98d-ae63-458a-8e87-8c2b07f8d17b","The DPO must monitor compliance with the GDPR; which implies that he can check the conformity of a treatment before it is implemented or afterwards",[],{"id":556,"color":26,"rangeValue":9,"label":557,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":558},"4d447112-5887-49f6-a7d2-93003abc61d3","The DPO must monitor compliance with the GDPR; which implies that he can de facto only intervene after the processing operations have been implemented",[],{"id":560,"color":26,"rangeValue":9,"label":561,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":562},"8514af47-0057-4d0f-ac4b-985df691063d","The DPO must monitor compliance with the GDPR including the related audits; which implies that the DPO does not have to carry out the audits himself/herself",[],{"id":564,"slug":565,"label":566,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":567,"displayConditions":9,"answers":568,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"8f470863-2305-4f90-b7a3-27fd4700237a","3-4-the-missions-of-the-dpo-are-","3.4. The missions of the DPO are:",[],[569,573,577,581,585],{"id":570,"color":26,"rangeValue":9,"label":571,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":572},"6a8b932a-33a7-4099-93eb-3bded27725c8","Inform and advise",[],{"id":574,"color":26,"rangeValue":9,"label":575,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":576},"eeb7cdee-faf6-40b3-8b48-45f5ab73ec03","Control",[],{"id":578,"color":26,"rangeValue":9,"label":579,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":580},"17d408bd-020c-453f-9f96-b5be462e5d45","Sanctioning",[],{"id":582,"color":26,"rangeValue":9,"label":583,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":584},"4309fb8d-7f38-4e5a-bdac-749921cbc6eb","Carrying out the impact assessment",[],{"id":586,"color":26,"rangeValue":9,"label":587,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":588},"c25f185b-f9f4-4194-ac8b-d528519a88cb","Cooperate with the supervisory authority",[],{"id":590,"slug":591,"label":592,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":593,"displayConditions":9,"answers":594,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"36b8236f-3434-40d0-b3e5-d2db3b4a7467","3-5-can-the-chief-information-security-officer-ciso-of-a-company-be-appointed-as-the-dpo-of-this-company","3.5. Can the Chief Information Security Officer (CISO) of a company be appointed as the DPO of this company?",[],[595,598,601],{"id":596,"color":26,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":597},"8bd27df2-1113-40c5-baa5-4a43cb96930b",[],{"id":599,"color":26,"rangeValue":9,"label":47,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":600},"34973258-5899-4b30-a0fb-9c7e9d4da81c",[],{"id":602,"color":26,"rangeValue":9,"label":526,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":603},"cd1dad41-bce0-449c-999e-d091367e0afb",[],{"id":605,"slug":606,"label":607,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":608,"displayConditions":9,"answers":609,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"2e5e0bfe-6723-438b-a17a-eb35640ece51","3-6-the-register-of-processing-operations-is-only-compulsory-for-companies-transferring-data-outside-the-european-union-","3.6. The register of processing operations is only compulsory for companies transferring data outside the European Union:",[],[610,613],{"id":611,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":612},"0c839cd8-5772-4d52-b9c5-6be0db8dcab2",[],{"id":614,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":615},"fad988db-0036-430f-ab63-46b4c477c076",[],{"id":617,"slug":618,"label":619,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":620,"displayConditions":9,"answers":621,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"6af8757a-42e0-4007-89ee-84572463bd3a","3-7-the-record-of-data-processing-activities-must-be-kept-by-","3.7. The record of data processing activities must be kept by:",[],[622,625],{"id":623,"color":26,"rangeValue":9,"label":312,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":624},"779663c4-0732-4e96-bbde-cf4e7e7ec40d",[],{"id":626,"color":26,"rangeValue":9,"label":316,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":627},"991d1e5f-fa94-4a02-a244-c91ca70e5ab9",[],{"id":629,"slug":630,"label":631,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":632,"displayConditions":9,"answers":633,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"19de00ac-204d-42ba-bc43-ac0a741057bf","3-8-does-the-following-situation-represent-a-misuse-of-purpose-the-use-by-a-municipality-for-the-purpose-of-updating-its-user-files-of-data-collected-on-behalf-of-the-state-in-the-context-of-the-population-census","3.8. Does the following situation represent a misuse of purpose? The use by a municipality, for the purpose of updating its user files, of data collected on behalf of the State in the context of the population census.",[],[634,637],{"id":635,"color":26,"rangeValue":9,"label":43,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":636},"5e144713-3188-47c5-aa13-70a012886643",[],{"id":638,"color":26,"rangeValue":9,"label":47,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":639},"5da8052f-57b2-4c1d-b827-53c05979d45e",[],{"id":641,"slug":642,"label":643,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":644,"displayConditions":9,"answers":645,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"a487501b-80d1-4565-b040-46c3eb3e082f","3-9-the-data-controller-may-give-instructions-to-the-dpo-on-how-to-analyse-the-results-of-an-audit","3.9. The data controller may give instructions to the DPO on how to analyse the results of an audit.",[],[646,649],{"id":647,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":648},"23663002-674d-4e50-91d0-bc56185e6916",[],{"id":650,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":651},"a4426912-3e70-4896-b1eb-15187f4e531a",[],[],{"id":654,"slug":655,"label":656,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":657,"sections":882},"3fa1eec3-a413-4eea-9882-a88a1a2d6590","dpo-managing-the-protection-of-personal-data","DPO: managing the protection of personal data",[658,670,692,704,716,728,742,754,766,778,790,802,820,850,864],{"id":659,"slug":660,"label":661,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":662,"displayConditions":9,"answers":663,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"8ea726b9-2e6a-4f4f-9c4e-cc468299ca4b","4-1-is-it-obligatory-for-the-data-controller-of-a-company-to-communicate-the-register-of-its-company-if-a-person-asks-to-do-so","4.1. Is it obligatory for the data controller of a company to communicate the register of its company if a person asks to do so?",[],[664,667],{"id":665,"color":26,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":666},"0fe229aa-84b5-407a-b880-121affb535f2",[],{"id":668,"color":26,"rangeValue":9,"label":47,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":669},"ad37ff63-6d45-40dd-b0dc-e50f7aed0f2c",[],{"id":671,"slug":672,"label":673,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":674,"displayConditions":9,"answers":675,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"3924a3e7-454e-440b-954b-fcf07e047f6c","4-2-what-categories-of-data-can-be-archived","4.2. What categories of data can be archived?",[],[676,680,684,688],{"id":677,"color":26,"rangeValue":9,"label":678,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":679},"867c3d56-4e7f-4bd9-93a9-b5b3e7157357","All data likely to be of interest in the future",[],{"id":681,"color":26,"rangeValue":9,"label":682,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":683},"660994a7-5851-4e37-a97d-e4de2fdaa7ea","Useful data in the event of litigation",[],{"id":685,"color":26,"rangeValue":9,"label":686,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":687},"51749a1e-e58b-490f-8469-94b7d7a71b84","Data subject to legal obligation to retain",[],{"id":689,"color":26,"rangeValue":9,"label":690,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":691},"eb3e1d2b-cac1-4bea-bfc8-a777d3927dbe","All data",[],{"id":693,"slug":694,"label":695,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":696,"displayConditions":9,"answers":697,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"03b86985-4bf7-4995-a87e-1432f6880492","4-3-individuals-who-have-suffered-harm-may-be-represented-by-an-association-to-bring-an-action-on-their-behalf","4.3. Individuals who have suffered harm may be represented by an association to bring an action on their behalf.",[],[698,701],{"id":699,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":700},"da33e487-73fe-4fbf-8baf-539ce5045127",[],{"id":702,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":703},"553b5320-37e8-466f-8afb-507589a924db",[],{"id":705,"slug":706,"label":707,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":708,"displayConditions":9,"answers":709,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"595059ba-8f92-4b98-9853-2579a9d71d65","4-3-updating-the-data-contained-in-the-files-satisfies-the-principle-of-data-minimization","4.4. Updating the data contained in the files satisfies the principle of data minimization.",[],[710,713],{"id":711,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":712},"a74d332f-e38d-4a21-a0da-88c76e7f066a",[],{"id":714,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":715},"c4a35298-e1ad-4643-ac19-4ba72317c268",[],{"id":717,"slug":718,"label":719,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":720,"displayConditions":9,"answers":721,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"34c50ac2-18c6-4b9c-984c-046976c2ed68","4-5-does-the-next-processing-require-an-impact-assessment-videosurveillance-of-a-warehouse-storing-valuable-goods-and-staffed-by-warehouse-workers","4.5. Does the next processing require an impact assessment? \"Videosurveillance of a warehouse storing valuable goods and staffed by warehouse workers\".",[],[722,725],{"id":723,"color":26,"rangeValue":9,"label":43,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":724},"4ac96062-4d6d-4ba5-ad84-287599bb6e25",[],{"id":726,"color":26,"rangeValue":9,"label":47,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":727},"8335f39e-c651-45c9-b9f7-17d337586971",[],{"id":729,"slug":730,"label":731,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":732,"displayConditions":9,"answers":733,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"f092fdad-7fec-4209-b567-2cf237a26774","4-6-when-a-person-exercises-one-of-his-rights-eg-right-of-access-with-a-joint-data-controller-which-is-not-in-charge-of-processing-this-type-of-request-the-latter-must-","4.6. When a person exercises one of his rights (e.g. right of access) with a joint data controller which is not in charge of processing this type of request, the latter must:",[],[734,738],{"id":735,"color":26,"rangeValue":9,"label":736,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":737},"486f1a5d-4fcb-4d1f-87d0-50de805c64ff","Give the person the contact details of the joint controller person in charge of processing these requests",[],{"id":739,"color":26,"rangeValue":9,"label":740,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":741},"a7904269-4cbe-4b4f-924c-3e7140c3ca92","Inform the joint controller for processing the request so that a reply can be given to the data subject",[],{"id":743,"slug":744,"label":745,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":746,"displayConditions":9,"answers":747,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"53edb4a1-a1da-4be2-9276-0e8ac986196f","4-7-the-data-protection-compliance-audit-shall-be-limited-to-the-internal-processing-operations-carried-out-by-the-organisation-","4.7. The data protection compliance audit shall be limited to the internal processing operations carried out by the organisation:",[],[748,751],{"id":749,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":750},"93537b5b-bf74-4b18-80e8-498e368e48b8",[],{"id":752,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":753},"9fbddd4c-8d4b-40a5-8949-8f142e3911dc",[],{"id":755,"slug":756,"label":757,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":758,"displayConditions":9,"answers":759,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"3d87cbf5-cd9d-4535-9148-ec67196f21e4","4-8-a-data-protection-compliance-audit-must-absolutely-be-carried-out-by-external-auditors-","4.8. A data protection compliance audit must absolutely be carried out by external auditors:",[],[760,763],{"id":761,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":762},"583e21a0-d7a7-4f58-9ea6-38762827579e",[],{"id":764,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":765},"3170e899-e358-47ab-9032-d4a3222d3dcb",[],{"id":767,"slug":768,"label":769,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":770,"displayConditions":9,"answers":771,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"45fdeeb9-fa56-407d-88f0-6e3a2597dc91","4-9-the-pia-risk-analysis-is-limited-to-technical-risks-","4.9. The PIA risk analysis is limited to technical risks:",[],[772,775],{"id":773,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":774},"db62fcae-1b4e-4033-a781-c0b2537ce3a9",[],{"id":776,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":777},"d4d1c624-fe23-4c1e-8324-a486f56d7754",[],{"id":779,"slug":780,"label":781,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":782,"displayConditions":9,"answers":783,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"2b9e607f-3173-48a3-aac9-7b15f9c3dd3d","4-10-the-pia-should-be-reviewed-on-a-regular-basis-","4.10. The PIA should be reviewed on a regular basis:",[],[784,787],{"id":785,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":786},"08880d24-a88b-453b-ad06-95032d1cee49",[],{"id":788,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":789},"351cf55a-c136-4ff0-b5b9-75a46ac0f256",[],{"id":791,"slug":792,"label":793,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":794,"displayConditions":9,"answers":795,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"dde45386-6292-483b-957c-90c2f4c63008","4-11-the-main-purpose-of-the-data-protection-compliance-audit-is-to-sanction-employees-who-do-not-comply-with-data-protection-","4.11. The main purpose of the data protection compliance audit is to sanction employees who do not comply with data protection:",[],[796,799],{"id":797,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":798},"feab9769-56f4-489c-9780-d565b6d1a3a4",[],{"id":800,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":801},"b6c98214-0d27-4c80-8eb1-9effb85fdcb2",[],{"id":803,"slug":804,"label":805,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":806,"displayConditions":9,"answers":807,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"4615cb2f-d053-4062-b34e-37f6d7e5c734","4-12-where-an-individual-objects-to-the-processing-of-his-or-her-data-by-a-body-the-body-shall-","4.12. Where an individual objects to the processing of his or her data by a body, the body shall:",[],[808,812,816],{"id":809,"color":26,"rangeValue":9,"label":810,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":811},"c0b95761-1b9b-4e52-a9c6-cfa0954d106b","Refuse to grant the request if a legal provision makes it obligatory to treat",[],{"id":813,"color":26,"rangeValue":9,"label":814,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":815},"c9ccad85-e19d-4ba8-8b35-d1bca89709dc","Ask the person to justify the request if the processing in question is not intended for canvassing/prospecting",[],{"id":817,"color":26,"rangeValue":9,"label":818,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":819},"df6bc88c-bd86-4c93-b9f4-99d939c47c5d","Necessarily grant the application if the ground presented is legitimate",[],{"id":821,"slug":822,"label":823,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":824,"displayConditions":9,"answers":825,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"43b82bf7-2706-4463-aeb1-6c63eaf99800","4-13-documenting-processing-activities-involves-collecting-and-maintaining-the-following-documents-","4.13. Documenting processing activities involves collecting and maintaining the following documents:",[],[826,830,834,838,842,846],{"id":827,"color":26,"rangeValue":9,"label":828,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":829},"4a76c2db-95f3-45c5-be2b-9709c250f476","Information used",[],{"id":831,"color":26,"rangeValue":9,"label":832,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":833},"9b593fb0-3629-4559-bb28-8788530807d6","Impact assessments carried out",[],{"id":835,"color":26,"rangeValue":9,"label":836,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":837},"0dd80b4e-d976-4b40-b723-047c4bde5277","Register of processing operations carried out",[],{"id":839,"color":26,"rangeValue":9,"label":840,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":841},"33891b49-de1c-4587-8ac1-e911517d46dc","Outsourcing contracts in progress",[],{"id":843,"color":26,"rangeValue":9,"label":844,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":845},"414ec7ed-c6fd-4598-9c5a-b1c12519f18a","Consent forms",[],{"id":847,"color":26,"rangeValue":9,"label":848,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":849},"3f6b9d18-e085-4aa9-92cb-0676b67b7269","Register of violations",[],{"id":851,"slug":852,"label":853,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":854,"displayConditions":9,"answers":855,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"9b7fe060-4c9c-4aeb-bb6e-5112b77f2cba","4-14-failure-to-notify-a-breach-of-personal-data-is-likely-to-lead-the-data-controller-","4.14. Failure to notify a breach of personal data is likely to lead the data controller:",[],[856,860],{"id":857,"color":26,"rangeValue":9,"label":858,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":859},"2465db8b-1bbe-435d-9e08-c8f1c398d288","To be the subject of an administrative penalty by the supervisory authority",[],{"id":861,"color":26,"rangeValue":9,"label":862,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":863},"df7b84da-ae66-4c07-b834-29877377e105","To be the subject of a criminal sanction",[],{"id":865,"slug":866,"label":867,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":868,"displayConditions":9,"answers":869,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"aa257833-e314-41c0-97b9-238837b75603","4-15-a-data-protection-impact-assessment-pia-should-","4.15. A data protection impact assessment (PIA) should:",[],[870,874,878],{"id":871,"color":26,"rangeValue":9,"label":872,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":873},"4772ad96-21b1-45e1-9cde-b9f8fb13f240","Be carried out by the Control Authority",[],{"id":875,"color":26,"rangeValue":9,"label":876,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":877},"7e892cdd-827e-4e78-b2f5-bf7a15140eca","Be carried out in the event of a risk to the rights and freedoms of individuals",[],{"id":879,"color":26,"rangeValue":9,"label":880,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":881},"a6de1e84-78a9-472a-8f14-5dc5c6ba19e1","Be systematically submitted to the Control Authority",[],[],{"id":884,"slug":885,"label":886,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":887,"sections":1090},"b2634026-74cb-44e7-87b0-c26f826dbee8","manage-controls-by-the-authority","Manage controls by the authority",[888,900,912,930,945,960,972,984,996,1010,1022,1040,1054,1072],{"id":889,"slug":890,"label":891,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":892,"displayConditions":9,"answers":893,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"2be68141-01e8-4f4b-84ad-040acfffed42","5-1-the-supervisory-authority-may-impose-a-sanction-only-if-the-body-concerned-has-not-complied-with-a-formal-notice-to-comply-with-the-gdpr","5.1. The supervisory authority may impose a sanction only if the body concerned has not complied with a formal notice to comply with the GDPR.",[],[894,897],{"id":895,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":896},"7951ebad-51bf-4523-8eb5-b0d18a3ee712",[],{"id":898,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":899},"b06fcf8d-16f2-4260-a395-447c44f523e7",[],{"id":901,"slug":902,"label":903,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":904,"displayConditions":9,"answers":905,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"de62af1a-2e33-4c08-928f-14730652cc43","5-2-the-supervisory-authority-shall-have-access-to-the-bodys-register-of-processing-operations-only-in-the-context-of-a-control","5.2. The supervisory authority shall have access to the body's register of processing operations only in the context of a control.",[],[906,909],{"id":907,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":908},"6886d522-92e4-4d76-8e42-5df3ce4ce5c9",[],{"id":910,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":911},"ac439e4b-2101-42fe-bdf6-b9c5e6637b37",[],{"id":913,"slug":914,"label":915,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":916,"displayConditions":9,"answers":917,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"44c01a2d-6417-4274-a116-4512d967e68d","5-31-who-co-ordinates-the-action-of-the-data-protection-authorities-of-the-member-states","5.3.1. Who: Co-ordinates the action of the data protection authorities of the Member States",[],[918,922,926],{"id":919,"color":26,"rangeValue":9,"label":920,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":921},"6bc5a995-cda9-4d3c-9421-b7ba378beb19","National data protection authority (e.g. CNIL)",[],{"id":923,"color":26,"rangeValue":9,"label":924,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":925},"576a976e-5843-47f3-aadb-faf27eeecf7e","Court of Justice of the European Union (CJEU)",[],{"id":927,"color":26,"rangeValue":9,"label":928,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":929},"96c19718-687f-4797-9e4c-f031210006ea","European Data Protection Committee (EDPS)",[],{"id":931,"slug":932,"label":933,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":934,"displayConditions":9,"answers":935,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"67d7bf3c-6d92-475e-b8cd-25f27498a24a","5-32-who-ensures-that-eu-legislation-is-interpreted-and-applied-in-the-same-way-in-all-eu-countries-and-guarantees-that-eu-countries-and-institutions-comply-with-european-legislation","5.3.2. Who: Ensures that EU legislation is interpreted and applied in the same way in all EU countries and guarantees that EU countries and institutions comply with European legislation",[],[936,939,942],{"id":937,"color":26,"rangeValue":9,"label":920,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":938},"8c8ee645-cea5-4d73-a240-c6a7e9549538",[],{"id":940,"color":26,"rangeValue":9,"label":924,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":941},"a0b5113d-be8b-4fc5-add4-5d2ef0748f7c",[],{"id":943,"color":26,"rangeValue":9,"label":928,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":944},"33f2a55e-c658-41af-a1dc-9b1824359905",[],{"id":946,"slug":947,"label":948,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":949,"displayConditions":9,"answers":950,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"809f2859-242a-4120-9b0a-abfc89d60cf7","5-33-who-helps-individual-to-master-their-rights-assists-professionals-in-complying-with-them-and-sanctions-bodies-that-do-not-comply-why-the-regulations","5.3.3. Who: Helps individual to master their rights; assists professionals in complying with them and sanctions bodies that do not comply why the regulations",[],[951,954,957],{"id":952,"color":26,"rangeValue":9,"label":920,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":953},"1796c1a3-c435-4292-b579-b55f03ead053",[],{"id":955,"color":26,"rangeValue":9,"label":924,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":956},"a80968c8-128e-472e-a3e0-1d056bdc4abb",[],{"id":958,"color":26,"rangeValue":9,"label":928,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":959},"9a7cfc13-8b81-4b54-a17d-af0838546508",[],{"id":961,"slug":962,"label":963,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":964,"displayConditions":9,"answers":965,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"7b383876-7441-4d69-8300-5b03247d6aeb","5-4-in-case-of-cross-border-processing-the-data-protection-authorities-concerned-may-have-to-agree-that-as-the-case-may-be-a-single-sanction-decision-should-be-taken-on-behalf-of-all-the-authorities","5.4. In case of cross-border processing, the data protection authorities concerned may have to agree that, as the case may be, a single sanction decision should be taken on behalf of all the authorities.",[],[966,969],{"id":967,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":968},"1e07b80a-b84f-4fdc-98cb-75a46bbadc9c",[],{"id":970,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":971},"c49bd78a-83ca-4fde-b552-a5fe3dec65f1",[],{"id":973,"slug":974,"label":975,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":976,"displayConditions":9,"answers":977,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"7baeb225-c894-4924-80bc-07c88b471661","5-5-the-law-allows-public-authorities-to-access-personal-data-held-by-bodies-without-having-to-provide-evidence","5.5. The law allows public authorities to access personal data held by bodies without having to provide evidence.",[],[978,981],{"id":979,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":980},"f3667840-2f0f-4447-9df8-d80a0ed55610",[],{"id":982,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":983},"e5f50365-4fbc-4dcb-81f8-b5c85adfe895",[],{"id":985,"slug":986,"label":987,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":988,"displayConditions":9,"answers":989,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"594ebfde-bd29-4cc7-a954-a1be632623a8","5-6-any-person-who-considers-that-processing-of-data-relating-to-him-or-her-does-not-comply-with-the-gdpr-may-lodge-a-complaint-with-the-supervisory-authority-of-the-member-state-where-the-breach-of-the-gdpr-is-alleged-to-have-occurred","5.6. Any person who considers that processing of data relating to him or her does not comply with the GDPR may lodge a complaint with the supervisory authority of the Member State where the breach of the GDPR is alleged to have occurred.",[],[990,993],{"id":991,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":992},"d00be3b1-7766-44ac-b207-58d2df9c469f",[],{"id":994,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":995},"f7441ec1-67ca-408c-a88d-fb34b90a8b3b",[],{"id":997,"slug":998,"label":999,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":1000,"displayConditions":9,"answers":1001,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"d9dd6e71-3d51-4a17-8a8d-5ffd6429a0e1","5-7-in-the-event-of-a-breach-of-data-representing-a-high-risk-to-the-privacy-of-individuals-the-data-controller-must-","5.7. In the event of a breach of data representing a high risk to the privacy of individuals, the data controller must:",[],[1002,1006],{"id":1003,"color":26,"rangeValue":9,"label":1004,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1005},"fa766e29-4b69-4ce9-9d88-dfa402410be6","Inform the supervisory authority",[],{"id":1007,"color":26,"rangeValue":9,"label":1008,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1009},"41215bba-2161-42ed-aca0-a66908e07207","Inform the data subjects directly",[],{"id":1011,"slug":1012,"label":1013,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":1014,"displayConditions":9,"answers":1015,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"df40627b-6bb0-427d-b0a9-9010efc024e4","5-8-the-formal-notice-and-the-sanction-are-confidential-procedures-that-cannot-be-made-public","5.8. The formal notice and the sanction are confidential procedures that cannot be made public.",[],[1016,1019],{"id":1017,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1018},"cd00f53b-55ed-41f5-a99a-25b51b4a25f3",[],{"id":1020,"color":26,"rangeValue":9,"label":33,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1021},"a922d5d8-7f38-4ce4-b466-58b5bb2e7726",[],{"id":1023,"slug":1024,"label":1025,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":1026,"displayConditions":9,"answers":1027,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"e7556938-ad38-4dbf-b973-f932cad74510","5-9-what-is-the-maximum-time-limit-for-notifying-a-data-breach-to-the-supervisory-authority","5.9. What is the maximum time limit for notifying a data breach to the supervisory authority?",[],[1028,1032,1036],{"id":1029,"color":26,"rangeValue":9,"label":1030,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1031},"965d53e0-3ce3-4b7d-b75c-a78dc91cb63d","24h",[],{"id":1033,"color":26,"rangeValue":9,"label":1034,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1035},"6e18996c-bb5d-4c07-85ac-3b729c004cc3","48h",[],{"id":1037,"color":26,"rangeValue":9,"label":1038,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1039},"62e3d141-fff3-422a-9b9f-9d8a5747c7ab","72h",[],{"id":1041,"slug":1042,"label":1043,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":1044,"displayConditions":9,"answers":1045,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"a37ff52c-b992-45e4-8d1e-cce293d14b71","5-10-in-the-event-of-formal-notice-the-body-must-","5.10. In the event of formal notice, the body must:",[],[1046,1050],{"id":1047,"color":26,"rangeValue":9,"label":1048,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1049},"7bd07dba-7a1a-4763-8c96-fef81cb99462","Bring to an end the failure(s) identified by the supervisory authority within a specified period of time",[],{"id":1051,"color":26,"rangeValue":9,"label":1052,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1053},"3265be8a-097a-4105-9fff-28a60f27ec30","Communicate to the supervisory authority the justifications for the actions taken",[],{"id":1055,"slug":1056,"label":1057,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":1058,"displayConditions":9,"answers":1059,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"10fa7abf-4fba-44e4-901a-02a8a0639b8c","5-11-penalties-for-non-compliance-with-the-fundamental-principles-of-the-gdpr-purpose-minimisation-shelf-life-etc-or-the-rights-of-individuals-may-amount-up-to-","5.11. Penalties for non-compliance with the fundamental principles of the GDPR (purpose, minimisation, shelf life, etc.) or the rights of individuals may amount up to:",[],[1060,1064,1068],{"id":1061,"color":26,"rangeValue":9,"label":1062,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1063},"7f40bc94-5a5c-4572-b4f7-8f29ac803640","2% of sales or 10 million euros",[],{"id":1065,"color":26,"rangeValue":9,"label":1066,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1067},"39962348-6921-42fe-8e24-c372ca1c5c79","4% of sales or 20 million euros",[],{"id":1069,"color":26,"rangeValue":9,"label":1070,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1071},"c8f43089-0b15-4a44-bcec-d9963beaf1ed","6% of sales or 40 million euros",[],{"id":1073,"slug":1074,"label":1075,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":95,"typeIndex":96,"typeColor":9,"typeIcon":9,"typeText":97,"dynamicSelectType":9,"editableOptions":21,"complianceRules":1076,"displayConditions":9,"answers":1077,"listQuestions":9,"required":29,"requiredJustification":21,"suggestTask":21,"riskEnabled":29,"native":21},"72120d4f-40a2-4d66-b860-79b78cc06d6f","5-12-designating-a-lead-authority-serves-to-facilitate-the-management-of-exchanges-with-supervisory-authorities-in-the-event-of-","5.12. Designating a lead authority serves to facilitate the management of exchanges with supervisory authorities in the event of:",[],[1078,1082,1086],{"id":1079,"color":26,"rangeValue":9,"label":1080,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1081},"38317f66-467c-4262-9ac7-5eaed8301443","joint responsability for processing",[],{"id":1083,"color":26,"rangeValue":9,"label":1084,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1085},"17609b27-14a9-47a1-9a1b-0d0e5bc00ff6","further processing",[],{"id":1087,"color":26,"rangeValue":9,"label":1088,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":29,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":1089},"d4c06959-f375-4f79-b757-cd0179b9fbf0","cross-border processing",[],[],[1092,1110,1125],{"id":1093,"label":1094,"variant":1095,"variantIndex":28,"variantColor":1096,"variantIcon":1097,"variantText":1095,"contentHtml":1098,"displayConditions":1099},"42032975-9fb8-4758-9a9e-58dbf31ae46d","Advanced","Success","#1ab586","icon-checkmark","\u003Cp>Congratulations! You have a very good understanding of data protection. Feel free to follow \u003Ca href=\"https://www.dastra.eu/en/articles\">Dastra's news\u003C/a> to stay up to date on the subject.\u003C/p>",{"id":1100,"separator":1101,"field":9,"operator":1102,"value":9,"rules":1103},"d7b6c01f-65fa-4da7-994a-58939581bfcf","And","equal",[1104],{"id":1105,"separator":9,"field":1106,"operator":1107,"value":1108,"rules":1109},"77496a0a-9167-423d-b226-0f9d72e3f769","readiness","greaterThanInclusive","80",[],{"id":1111,"label":1112,"variant":1095,"variantIndex":28,"variantColor":1096,"variantIcon":1097,"variantText":1095,"contentHtml":1113,"displayConditions":1114},"6e349f2a-9f87-4fca-bc7b-1dc3742b43fb","Intermediate","\u003Cp>Congratulations you have completed the GDPR e-test! You have good knowledge, but you can still improve! Dastra offers a \u003Ca href=\"https://www.dastra.eu/en/guide\">knowledge base\u003C/a> for self-training on the subject.\u003C/p>",{"id":1115,"separator":1101,"field":9,"operator":1102,"value":9,"rules":1116},"a99dce20-9f85-404a-9ccc-15728146b2fa",[1117,1121],{"id":1118,"separator":9,"field":1106,"operator":1107,"value":1119,"rules":1120},"c2625aeb-3824-4b8b-a499-ca6461fffabf","60",[],{"id":1122,"separator":9,"field":1106,"operator":1123,"value":1108,"rules":1124},"07ea4640-bf77-491c-ac1b-847de1fb6bee","lessThan",[],{"id":1126,"label":1127,"variant":1128,"variantIndex":1129,"variantColor":1130,"variantIcon":1131,"variantText":1128,"contentHtml":1132,"displayConditions":1133},"6e69a274-a848-4f03-86f0-33223cfc6ddf","Elementary","Warning",2,"#ffc107","icon-alert-circle","\u003Cp>You have completed the GDPR e-test. You have some basics, but that's not enough. Dastra offers a \u003Ca href=\"https://www.dastra.eu/en/guide\">knowledge base\u003C/a> for self-training on the subject.\u003C/p>",{"id":1134,"separator":1101,"field":9,"operator":1102,"value":9,"rules":1135},"db933f5a-c795-4139-a87c-a52137f4c1ca",[1136],{"id":1137,"separator":9,"field":1106,"operator":1123,"value":1119,"rules":1138},"0d8e7cb7-7fb9-4b11-b464-6d80178c9ed5",[],"28818a71-e202-4975-aa86-08db045c00d1","1.0","Data Protection Knowledge Audit","DwyLiueGvBaiLfkIM6F9y4rZNVoYUObpuGO51ICPOvQi7JNWRKpEiChALJCE","https://static.dastra.eu/tenant-3/audit/pFadPnDsv3GPIY/knowledge-base-150.jpg","This questionnaire assesses understanding of privacy laws, data handling, cybersecurity, and compliance. Identify strengths and areas for improvement in data protection knowledge.","2023-02-01T21:40:38.6417757","2025-09-16T14:36:40.7132127","Formation",6,"Training",{"id":1151,"displayName":1152,"familyName":1153,"givenName":1154,"email":1155,"active":29,"color":1156,"avatarUrl":1157,"tenantId":11},69,"Dastro Naute","Naute","Dastro","contact@dastra.eu","#784000","https://static.dastra.eu/tenant-3/avatar/69/assistant-150.png",[1159],{"id":1160,"displayName":1161,"familyName":1162,"givenName":1163,"email":1164,"active":29,"color":1165,"avatarUrl":1166,"tenantId":11},31,"Jérôme de Mercey","de Mercey","Jérôme","jerome.demercey@dastra.eu","#99C691","https://static.dastra.eu/tenant-10/avatar/31/Zuh7XFZe5EnnTo/design-sans-titre-2-150.png",[1168],{"id":1169,"label":1170,"type":1171,"typeIndex":1172,"typeColor":1173,"typeIcon":1174,"typeText":1175,"color":1176},"5d13e13b-84c0-44a1-8e42-3e9f684542d7","E-learning","AuditTemplate",9,"#83d162","ds-icon-audit","Questionnaire template","#4E6374",66]