[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJeXQw03FlT_IpfA5ftCIPY6glt36mn3qqFlsvJ01NPU":3},{"sections":4,"resultAnalysis":779,"id":780,"version":781,"newVersion":32,"label":782,"isPinned":32,"isShared":35,"sharingToken":783,"isRevision":32,"isBlockAnalysisShared":32,"nbReferences":30,"referenceId":9,"nbResponses":20,"parentId":9,"revisionDescription":784,"logoUrl":785,"description":786,"scheduleIntervalDays":9,"versionNumber":11,"dateCreation":787,"dateUpdate":788,"dateArchived":9,"archived":32,"type":789,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":790,"creator":791,"objectType":799,"objectTypeIndex":30,"objectTypeColor":316,"objectTypeIcon":800,"objectTypeText":801,"defaultOwners":802,"tags":809,"privacyHubs":9,"nbQuestions":822,"nbQuestionsRequired":823,"nbDatas":20,"deadLineDays":9},[5,82,230,483,669],{"id":6,"slug":7,"label":8,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":13,"sections":14},"c9a58e6a-99f1-48f9-855f-4f756bb67b05","context","Context",null,"Chapter",1,"SectionType_Chapter",[],[15,52],{"id":16,"slug":17,"label":18,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":22,"questions":23,"sections":51},"bc433937-84a5-49bf-b4b0-8a73d6d07300","generalites","General Information","Default",0,"SectionType_Default","\u003Cp>What are we talking about?\u003C/p>",[24,36,43],{"id":25,"slug":26,"label":27,"tooltipHtml":9,"descriptionHtml":28,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":33,"displayConditions":9,"answers":34,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"9b84b397-0ef0-4c84-8166-26ea56395e55","pia_111","What is the data processing that is being studied?","\u003Cp>\u003Cem>Present in a synthetic way: its name, its purpose(s), its stakes (expected contributions), its context of use\u003C/em>\u003C/p>","RichText",2,"Text editor",false,[],[],true,{"id":37,"slug":38,"label":39,"tooltipHtml":9,"descriptionHtml":40,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":41,"displayConditions":9,"answers":42,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"da5d4ca0-7043-43b5-8860-3dfda17b9446","pia_112","What are the responsibilities related to the data processing activity ?","\u003Cp>\u003Cem>Describe the responsibilities of the stakeholders: the controller, the processors and the joint controllers if applicable\u003C/em>\u003C/p>",[],[],{"id":44,"slug":45,"label":46,"tooltipHtml":47,"descriptionHtml":48,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":49,"displayConditions":9,"answers":50,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"0b120bbc-f52b-402d-9156-4a506f881a4c","pia_113","What are the applicable standards?","\u003Cp>These may include data protection authorities' guidelines, recommendations, sector-specific codes of conduct or the certifications provided for under the GDPR.\u003C/p>","\u003Cp>\u003Cem>Indicate here which benchmarks are applicable to the data processing activity. The benchmarks are normative frameworks and are used to assist in conducting the analysis.\u003C/em>\u003C/p>",[],[],[],{"id":53,"slug":54,"label":55,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":56,"questions":57,"sections":81},"806d304d-86d5-4c37-9000-160647c9846a","contexte-1","Description","\u003Cp>Details of the data processing activity\u003C/p>",[58,66,74],{"id":59,"slug":60,"label":61,"tooltipHtml":62,"descriptionHtml":63,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":64,"displayConditions":9,"answers":65,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"f1ba199c-beba-48e4-9025-0c3cd1994c00","pia_121","What data is processed?","\u003Cp>\u003Cstrong>Personal data\u003C/strong> is \u003Cstrong>any information relating to an identified or identifiable individual.\u003C/strong>\u003C/p>\u003Cp>▶ Information can be of \u003Cstrong>any kind\u003C/strong>: a text, an image, computer code, speech, whatever the medium.\u003C/p>\u003Cp>▶ The information \u003Cstrong>concerns one individual and one person only\u003C/strong>, and not a group of people. The information must not only designate the individual but \u003Cstrong>be attributed to him or her\u003C/strong>. For example, a comment may not mention a person's name but concern that person alone. This is personal data.\u003C/p>\u003Cp>▶ This means that it concerns \u003Cstrong>a human being and not an animal, a company or an association\u003C/strong>. \u003Cstrong>The right to protection of personal data is one of the fundamental human rights\u003C/strong>.\u003C/p>\u003Cp>▶ The person must be \u003Cstrong>identifiable\u003C/strong>, i.e. \u003Cstrong>directly\u003C/strong> when the information relates directly to the person (for example, his or her surname and first name) or \u003Cstrong>indirectly\u003C/strong>. This is the case when information cross-referenced with other information makes it possible to identify the person.\u003C/p>\u003Cp>A \u003Cstrong>retention period\u003C/strong> must be defined for each type of data and justified by the needs of the processing and/or legal constraints.\u003C/p>\u003Cp>A distinction is made between \u003Cstrong>current data\u003C/strong> and \u003Cstrong>archived data\u003C/strong>, access to which is restricted to the parties concerned. \u003Cstrong>A deletion mechanism must be implemented\u003C/strong> to archive current data or purge archived data at the end of its retention period.\u003C/p>\u003Cp>The \u003Cstrong>recipients\u003C/strong> correspond to all the entities that will have access to the data other than the public authorities (authorised third parties such as the data protection authorities, the criminal investigation police or the tax authorities, for example).\u003C/p>\u003Cp>This includes the data controller's internal departments (the HR department, for example), subcontractors, joint controllers and other data controllers (commercial partners, for example).\u003C/p>\u003Cp>Also specify \u003Cstrong>who has access to the data\u003C/strong>. Sometimes recipients do not necessarily have access to the data.\u003C/p>\u003Cp>Depending on the authorisation policy, only certain people may have unencrypted access to the information.\u003C/p>","\u003Cp>\u003Cem>List the data collected and processed, indicating the retention periods, the recipients and the persons who can access them.\u003C/em>\u003C/p>",[],[],{"id":67,"slug":68,"label":69,"tooltipHtml":70,"descriptionHtml":71,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":72,"displayConditions":9,"answers":73,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"40388b72-9edd-461b-92d3-020e9b9513e3","pia_122","How does the data life cycle work (functional description)?","\u003Cp>Commencez par la collecte directe auprès de la personne concernée ou indirecte et décrivez son parcours, les acteurs qu'elle rencontre, les utilisations qui en sont faites et sa fin de vie.\u003C/p>\u003Cp>Vous devez décrire chaque processus mis en oeuvre (par exemple, la transmission à un prestataire, la collecte des données, la mise en archivage ou encore la suppression).\u003C/p>","\u003Cp>\u003Cstrong>\u003Cem>Describe the life cycle of the data here.\u003C/em>\u003C/strong>\u003C/p>\u003Cp>\u003Cstrong>\u003Cem>You may include a flow diagram as an attachment to your response.\u003C/em>\u003C/strong>\u003C/p>",[],[],{"id":75,"slug":76,"label":77,"tooltipHtml":9,"descriptionHtml":78,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":79,"displayConditions":9,"answers":80,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"8ae3d61e-761e-44f0-a348-f097309043c0","pia_123","What are the data media?","\u003Cp>\u003Cem>Detail here the medium (or carriers) of the data. For example, the application or software used to process the data.\u003C/em>\u003C/p>",[],[],[],{"id":83,"slug":84,"label":85,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":86,"sections":87},"e4c38fc9-692b-494d-959a-f3f652c86d03","basic-principles","Basic principles",[],[88,156],{"id":89,"slug":90,"label":91,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":92,"questions":93,"sections":155},"3b1476c9-83bb-4f84-9be4-31ea3b63cfb2","proportionnalite-et-necessite-des-donnees","Proportionality Assessment and Data Need","\u003Cp>PIA Stage 2: Proportionality Assessment and Data Need\u003C/p>",[94,102,110,118,126,134],{"id":95,"slug":96,"label":97,"tooltipHtml":98,"descriptionHtml":99,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":100,"displayConditions":9,"answers":101,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"f8971157-f190-4d87-a64f-bf0e0c8b0d4d","pia_211","Are the purposes of the processing determined, explicit and legitimate?","\u003Ch3>All purposes must be \u003Cstrong>specified.\u003C/strong>\u003C/h3>\u003Cp>In other words, it must be sufficiently defined to allow all the necessary data protection guarantees to be implemented and to delimit the scope of the processing.\u003C/p>\u003Cp>The purpose of the collection must be \u003Cstrong>clearly and specifically identified\u003C/strong>. The purpose cannot be too vague or general.\u003C/p>\u003Cp>The fact that the information must be precise does not mean that longer and more detailed specifications are always necessary or useful. In fact, a detailed description can sometimes even be counter-productive. This may be the case, for example, if the written, detailed specification of the purpose is too legalistic and provides warnings rather than useful information for those involved and other stakeholders.\u003C/p>\u003Ch3>Purposes must be \u003Cstrong>explicit\u003C/strong>.\u003C/h3>\u003Cp>In other words, they must be clearly revealed, explained or expressed \u003Cstrong>in an intelligible form\u003C/strong>.\u003C/p>\u003Cp>The ultimate aim of this requirement is to ensure that the objectives are specified without any ambiguity as to their meaning or intention. What is meant must be clear and must leave no doubt or difficulty of understanding.\u003C/p>\u003Cp>This contributes to transparency and predictability.\u003C/p>\u003Ch3>Purposes must be \u003Cstrong>legitimate\u003C/strong>.\u003C/h3>\u003Cp>The requirement for legitimacy means that \u003Cstrong>the objectives must \"comply with the law\" in the broadest sense.\u003C/strong>\u003C/p>\u003Cp>This goes beyond the requirement of the legal basis for processing.\u003C/p>\u003Cp>Within the limits of the law, other elements such as customs, codes of conduct, codes of ethics, contractual agreements, as well as the general context and facts of the business, may also be taken into account to determine whether a particular purpose is legitimate. This will include the nature of the underlying relationship between the controller and the data subjects, whether commercial or otherwise.\u003C/p>\u003Cp>\u003Cem>For example, a company segments its customers into two groups according to their ethnic profile: it charges higher prices to \"white\" customers than to \"Asian\" customers. In this case, the treatment gives rise to discriminatory practices, which are not legitimate.\u003C/em>\u003C/p>","\u003Cp>\u003Cem>Explain how the purposes of the processing are specified, explicit and legitimate.\u003C/em>\u003C/p>",[],[],{"id":103,"slug":104,"label":105,"tooltipHtml":106,"descriptionHtml":107,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":108,"displayConditions":9,"answers":109,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"2c6a7a59-d8ec-48c0-b4c1-f28b396cdfd9","pia_212","What is/are the basis(s) that make your data processing lawful?","\u003Cp>Processing is \u003Cstrong>lawful\u003C/strong> only if, and insofar as, at least one of the following \u003Cstrong>6 conditions\u003C/strong> is met:\u003C/p>\u003Cp>▶ The data subject has \u003Cstrong>consented to the processing\u003C/strong> of his or her personal data for one or more specific purposes;\u003C/p>\u003Cp>▶ The processing is necessary \u003Cstrong>for the delivery of a contract\u003C/strong> to which the data subject is a party or for the performance of pre-contractual measures taken at the data subject's request;\u003C/p>\u003Cp>▶ Processing is necessary for \u003Cstrong>compliance with a legal obligation\u003C/strong> to which the controller is subject;\u003C/p>\u003Cp>▶ Processing is necessary in order to \u003Cstrong>protect the vital interests\u003C/strong> of the data subject or of another natural person;\u003C/p>\u003Cp>▶ Processing is necessary for the \u003Cstrong>delivery of a task carried out in the public interest\u003C/strong> or in the exercise of official authority vested in the controller;\u003C/p>\u003Cp>▶ Processing is necessary \u003Cstrong>for the purposes of the legitimate interests\u003C/strong> pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data prevail, in particular where the data subject is a child.\u003C/p>","\u003Cp>\u003Cem>Specify the legal basis associated with your processing. For example, consent, legal obligation or legitimate interests.\u003C/em>\u003C/p>",[],[],{"id":111,"slug":112,"label":113,"tooltipHtml":114,"descriptionHtml":115,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":116,"displayConditions":9,"answers":117,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"e607cf83-1b1c-4d09-afb4-8f342e34898f","pia_213","Is the data collected adequate, relevant and limited to what is necessary for the purposes for which it is processed (data minimization)?","\u003Cp>The \u003Cstrong>principle of minimisation\u003C/strong> stipulates that personal data must be \u003Cstrong>adequate, relevant\u003C/strong> and \u003Cstrong>limited\u003C/strong> to what is necessary for the purposes for which it is processed.\u003C/p>\u003Cp>\u003Cstrong>The right questions to ask:\u003C/strong>\u003C/p>\u003Cul>\u003Cli>\u003Cp>What data do I really need to achieve the objective set for my file?\u003C/p>\u003C/li>\u003Cli>\u003Cp>Have I made a clear distinction between mandatory and optional data? \u003C/p>\u003C/li>\u003Cli>\u003Cp>Is the data I am collecting objective?\u003C/p>\u003C/li>\u003Cli>\u003Cp>Will I be able, in complete transparency, to give any person who so requests access to all the data I hold on them?\u003C/p>\u003C/li>\u003Cli>\u003Cp>Am I collecting sensitive data? Do I have the right to collect this data? Is it justified in terms of my duties?  Can I do otherwise?\u003C/p>\u003C/li>\u003C/ul>","\u003Cp>\u003Cem>Explain how each piece of data is necessary to accomplish the purposes of the processing.\u003C/em>\u003C/p>",[],[],{"id":119,"slug":120,"label":121,"tooltipHtml":122,"descriptionHtml":123,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":124,"displayConditions":9,"answers":125,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"72a602c9-da8a-4025-8409-f5d0c1ac0f33","pia_214","Is the data accurate and kept up to date?","\u003Cp>The accuracy of data is provided for in Article 5.1 d) of the GDPR.\u003C/p>\u003Cp>\u003Cstrong>Quality control\u003C/strong> must be carried out on the data to ensure that it is accurate and meets the purpose of the processing.\u003C/p>\u003Cp>\u003Cstrong>In the event of inaccuracy\u003C/strong>, the data must be \u003Cstrong>rectified\u003C/strong> or \u003Cstrong>deleted\u003C/strong> without delay.\u003C/p>\u003Cp>Quality processes must be put in place. For example, control of data by the user.\u003C/p>","\u003Cp>\u003Cem>Describe the measures implemented to ensure data quality.\u003C/em>\u003C/p>",[],[],{"id":127,"slug":128,"label":129,"tooltipHtml":130,"descriptionHtml":131,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":132,"displayConditions":9,"answers":133,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"59dad23f-9ae8-4ed9-a4e6-3c6980e33b3c","pia_215","What are the data retention periods?","\u003Cp>A \u003Cstrong>retention period\u003C/strong> must be defined for each type of data, justified by the needs of the processing and/or legal constraints.\u003C/p>\u003Cp>\u003Cstrong>A distinction is made between current data and archived data\u003C/strong>, access to which is restricted to the parties concerned. \u003Cstrong>A deletion mechanism must be implemented\u003C/strong> to archive current data or purge archived data at the end of its retention period.\u003C/p>\u003Cp>\u003Cstrong>Functional traces will also need to be purged\u003C/strong>, as will \u003Cstrong>technical logs\u003C/strong>, which cannot be kept indefinitely.\u003C/p>","\u003Cp>\u003Cem>Explain why the retention period for each data item is necessary to achieve the purposes of the processing.\u003C/em>\u003C/p>",[],[],{"id":135,"slug":136,"label":137,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":141,"displayConditions":9,"answers":142,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"8547da81-8787-4455-b128-2df2524f90eb","pia_216","How do you evaluate the measures implemented?","Radio",7,"Unique choice list",[],[143,147,151],{"id":144,"color":9,"rangeValue":9,"label":145,"slug":9,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":146},"b276dc4b-fea0-4636-85ec-6f02e8c3fb67","Acceptable",[],{"id":148,"color":9,"rangeValue":9,"label":149,"slug":9,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":150},"3ec1d184-117c-44ab-ac85-920920f6dc0b","To be improved",[],{"id":152,"color":9,"rangeValue":9,"label":153,"slug":9,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":154},"dd65091e-6e65-4046-b775-d4de16051f1c","Not acceptable",[],[],{"id":157,"slug":158,"label":159,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":9,"questions":160,"sections":229},"04f1e214-bc94-4968-881f-5bcb980647d4","information-des-personnes-1","Measures to protect rights",[161,169,177,185,192,199,207,215],{"id":162,"slug":163,"label":164,"tooltipHtml":165,"descriptionHtml":166,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":167,"displayConditions":9,"answers":168,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"eb329a86-c193-4964-8890-c8d61c1b24a5","pia_221","How are data subjects informed about the processing (transparency)\n","\u003Cp>\u003Cstrong>Exemptions\u003C/strong> from the requirement to provide information are possible in the case of direct data collection \"where, and insofar as, the data subject already has this information\".\u003C/p>\u003Cp>In the case of \u003Cu>indirect data collection\u003C/u>, information may not be provided:\u003C/p>\u003Cul>\u003Cli>\u003Cp>if providing this information is impossible or would require a disproportionate effort ;\u003C/p>\u003C/li>\u003Cli>\u003Cp>where national or EU law provides for exemption\u003C/p>\u003C/li>\u003Cli>\u003Cp>or in the case of an obligation of professional secrecy.\u003C/p>\u003C/li>\u003C/ul>\u003Cp>The \u003Cstrong>information must be legible and comprehensible\u003C/strong>. It must include the following information\u003C/p>\u003Cul>\u003Cli>\u003Cp>The identity and contact details of the controller\u003C/p>\u003C/li>\u003Cli>\u003Cp>The list of purposes and associated legal bases\u003C/p>\u003C/li>\u003Cli>\u003Cp>Whether data collection is compulsory or optional\u003C/p>\u003C/li>\u003Cli>\u003Cp>The list of recipients or categories of recipients of the data and any transfers outside the EEA\u003C/p>\u003C/li>\u003Cli>\u003Cp>How long the data will be kept (or the criteria for determining this)\u003C/p>\u003C/li>\u003Cli>\u003Cp>The rights of the persons concerned\u003C/p>\u003C/li>\u003Cli>\u003Cp>The contact details of the organisation's data protection officer, if one has been appointed, or of a contact point for personal data protection issues\u003C/p>\u003C/li>\u003Cli>\u003Cp>The right to lodge a complaint with a supervisory authority\u003C/p>\u003C/li>\u003Cli>\u003Cp>the existence of automated decision-making, including profiling\u003C/p>\u003C/li>\u003C/ul>\u003Cp>And in the case of \u003Cu>indirect data collection\u003C/u>:\u003C/p>\u003Cul>\u003Cli>\u003Cp>The categories of personal data\u003C/p>\u003C/li>\u003Cli>\u003Cp>The source of the data\u003C/p>\u003C/li>\u003C/ul>\u003Cp>Data is collected indirectly when it is not connected to the data subjects. For example, through a third party or from a public database.\u003C/p>","\u003Cp>\u003Cem>Indicate here the modalities of information of the persons (data charter, forms...) and the content of the information.\u003C/em>\u003C/p>",[],[],{"id":170,"slug":171,"label":172,"tooltipHtml":173,"descriptionHtml":174,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":175,"displayConditions":9,"answers":176,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"8d1b84c0-32a6-4305-b828-f0343972a4bc","pia_222","If applicable, how is consent obtained from data subjects?","\u003Cp>\u003Cstrong>Consent is one of the six legal bases laid down by the GDPR\u003C/strong> for processing data.\u003C/p>\u003Cp>It must \u003Cstrong>meet \u003C/strong>the following \u003Cstrong>conditions\u003C/strong>:\u003C/p>\u003Cul>\u003Cli>\u003Cp>\u003Cstrong>Free\u003C/strong>: not consenting must not have negative consequences\u003C/p>\u003Cp>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>Specific\u003C/strong>: you must know what you are consenting to and you must consent for each purpose\u003C/p>\u003Cp>\u003C/p>\u003C/li>\u003Cli>\u003Cp>\u003Cstrong>Informed\u003C/strong>: you must be fully informed about the processing before giving your consent, and at least about :\u003C/p>\u003Cp>- the identity of the controller\u003C/p>\u003Cp>- the purpose\u003C/p>\u003Cp>- the existence of the right to withdraw consent.\u003C/p>\u003C/li>\u003C/ul>\u003Cp>The information must then be supplemented by a personal data charter or privacy policy.\u003C/p>\u003Cul>\u003Cli>\u003Cp>\u003Cstrong>Unambiguous\u003C/strong>: positive action by the individual. The individual must say YES! Consent boxes must not be ticked by default.\u003C/p>\u003C/li>\u003C/ul>\u003Cul>\u003Cli>\u003Cp>\u003Cstrong>Documented\u003C/strong>: consent must be proven.\u003C/p>\u003C/li>\u003C/ul>","\u003Cp>\u003Cem>Indicate here how consent was obtained.\u003C/em>\u003C/p>",[],[],{"id":178,"slug":179,"label":180,"tooltipHtml":181,"descriptionHtml":182,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":183,"displayConditions":9,"answers":184,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"c36d5a34-13dc-416c-9d17-17255ca092d9","pia_223","How can data subjects exercise their right of access and right to portability?","\u003Cp>\u003Cstrong>Managing access rights\u003C/strong> involves asking the following questions:\u003C/p>\u003Cul>\u003Cli>\u003Cp>Can people access all their personal data via the current interfaces?\u003C/p>\u003C/li>\u003Cli>\u003Cp>Can they consult, in a secure manner, the traces of use that concern them?\u003C/p>\u003C/li>\u003Cli>\u003Cp>Can they download an archive of all their personal data?\u003C/p>\u003C/li>\u003C/ul>\u003Cp>For example, if you use Dastra to manage rights, you can indicate the process used (widget, request management, transmission of information via a secure platform, etc.).\u003C/p>\u003Cp>The \u003Cstrong>right to portability\u003C/strong> applies to automated processing operations based on a legal contract or consent.\u003C/p>\u003Cp>It must provide for the possibility of recovering, in an easily reusable form, the personal data supplied by the data subject, so that it can be transferred to a third party service.\u003C/p>","\u003Cp>\u003Cem>Indicate here how you can exercise these rights.\u003C/em>\u003C/p>",[],[],{"id":186,"slug":187,"label":188,"tooltipHtml":189,"descriptionHtml":182,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":190,"displayConditions":9,"answers":191,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"b6b3c988-db4c-4c9b-b581-107983b80f4f","pia_224","How can data subjects exercise their right to rectification and right to erasure (right to be forgotten)?","\u003Cp>The \u003Cstrong>right to erasure\u003C/strong> may be waived in the event of:\u003C/p>\u003Cul>\u003Cli>\u003Cp>exercise of the right to freedom of expression and information\u003C/p>\u003C/li>\u003Cli>\u003Cp>compliance with a legal obligation\u003C/p>\u003C/li>\u003Cli>\u003Cp>for reasons of public interest in the field of health\u003C/p>\u003C/li>\u003Cli>\u003Cp>archives, scientific or historical research and statistics if deletion makes processing impossible\u003C/p>\u003C/li>\u003Cli>\u003Cp>to establish, exercise or defend a legal claim.\u003C/p>\u003C/li>\u003C/ul>\u003Cp>\u003Cstrong>Please note\u003C/strong>: connection data cannot be rectified by its very nature, nor can it be objected to on the grounds of a compelling reason on the part of the data controller.\u003C/p>",[],[],{"id":193,"slug":194,"label":195,"tooltipHtml":196,"descriptionHtml":182,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":197,"displayConditions":9,"answers":198,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"bb89fc6d-9d2d-4f1c-b66a-43ce86ccb615","pia_225","How can data subjects exercise their right of restriction and right of objection?","\u003Cp>If the processing is based on consent or a legal obligation, the right to object does not apply.\u003C/p>",[],[],{"id":200,"slug":201,"label":202,"tooltipHtml":203,"descriptionHtml":204,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":205,"displayConditions":9,"answers":206,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"b551def5-ae62-492c-babf-ebec83f572a0","pia_226","Are the obligations of subcontractors clearly defined and contractualized?","\u003Cp>The \u003Cstrong>processor\u003C/strong> is defined as \u003Cstrong>the natural or legal person, public authority, department or other body which processes personal data on behalf of the controller\u003C/strong>.\u003C/p>\u003Cp>The task of the processor is to \u003Cstrong>carry out tasks on the instructions and under the responsibility of the controller\u003C/strong>.\u003C/p>\u003Cp>In practice, this usually means the \u003Cstrong>service providers\u003C/strong> involved in data processing. This naturally includes the data host or a call centre in the context of a customer service.\u003C/p>\u003Cp>The GDPR lays down a number of obligations for the processor, particularly in terms of data security and compliance with the contractual clauses set out in Article 28 of the Regulation.\u003C/p>\u003Cp>The contract \u003Cstrong>must\u003C/strong> include at minima (more information \u003Ca href=\"https://edpb.europa.eu/our-work-tools/our-documents/guidelines/guidelines-072020-concepts-controller-and-processor-gdpr_en\">here\u003C/a>):\u003C/p>\u003Cul>\u003Cli>\u003Cp>duration,\u003C/p>\u003C/li>\u003Cli>\u003Cp>scope,\u003C/p>\u003C/li>\u003Cli>\u003Cp>purpose,\u003C/p>\u003C/li>\u003Cli>\u003Cp>documented processing instructions,\u003C/p>\u003C/li>\u003Cli>\u003Cp>prior authorisation in the event of recourse to a subcontractor, provision of all documentation providing proof of compliance with the GDPR,\u003C/p>\u003C/li>\u003Cli>\u003Cp>immediate notification of any data breach,\u003C/p>\u003C/li>\u003Cli>\u003Cp>etc.\u003C/p>\u003C/li>\u003C/ul>","\u003Cp>\u003Cem>A subcontracting agreement must be concluded with each of the subcontractors, specifying all the elements provided for in art. 28 of the GDPR.\u003C/em>\u003C/p>",[],[],{"id":208,"slug":209,"label":210,"tooltipHtml":211,"descriptionHtml":212,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":213,"displayConditions":9,"answers":214,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"452ac73b-8dbe-4cb8-a3fa-116ed71ddf52","pia_227","If data is transferred outside the European Union, is the data equally protected?","\u003Cp>Personal data is transferred when it is \u003Cstrong>transferred from European territory to one or more countries outside the European Union\u003C/strong>. The data may be transferred by copying or moving it over a network or from one medium to another (e.g. from a computer hard drive to a server).\u003C/p>\u003Cp>\u003Cstrong>Example 1\u003C/strong> - A company wishes to outsource the management of its customer telephone reminders to a company located in a country outside the European Union.\u003C/p>\u003Cp>\u003Cstrong>Example 2\u003C/strong> - The employee data of a multinational is centralised by the parent company in the United States. The personal data of European employees is therefore transferred to the United States.\u003C/p>\u003Cp>The tools used to manage transfers are:\u003C/p>\u003Cul>\u003Cli>\u003Cp>Standard contractual clauses (SCCs)\u003C/p>\u003C/li>\u003Cli>\u003Cp>Adequacy decision\u003C/p>\u003C/li>\u003Cli>\u003Cp>Binding corporate rules (BCRs)\u003C/p>\u003C/li>\u003Cli>\u003Cp>Administrative arrangement\u003C/p>\u003C/li>\u003Cli>\u003Cp>Derogation under Article 49 of the GDPR\u003C/p>\u003C/li>\u003Cli>\u003Cp>Code of conduct or certification mechanism\u003C/p>\u003C/li>\u003C/ul>","\u003Cp>Indicate the country of transfer and the tool used.\u003C/p>",[],[],{"id":216,"slug":217,"label":137,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":218,"displayConditions":9,"answers":219,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"1ce09a39-a1a0-4668-b90b-f76a61604fd2","pia_228",[],[220,223,226],{"id":221,"color":9,"rangeValue":9,"label":145,"slug":9,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":222},"040ce9d6-e9d2-4852-8492-6c0d7c7e6911",[],{"id":224,"color":9,"rangeValue":9,"label":149,"slug":9,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":225},"5c0536cd-0c36-4f7f-b32e-cb2152103723",[],{"id":227,"color":9,"rangeValue":9,"label":153,"slug":9,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":228},"01ec357e-c92f-4d81-9ff7-9de96cc6a0ed",[],[],{"id":231,"slug":232,"label":233,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":234,"sections":235},"e2fede20-15c1-4987-ab98-3f1ba54d98bf","risks-related-to-data-security","Risks related to data security",[],[236,254,349,416],{"id":237,"slug":238,"label":239,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":240,"questions":241,"sections":253},"46ade104-a4d0-4c13-9212-29232d368c15","mesures-de-securite-mises-en-oeuvre","Security measures implemented","\u003Cp>Initial measurements are the current or originally planned measurements on the device. These measures allow the initial risk to be assessed in terms of severity and likelihood.\u003C/p>\u003Cp>In the case of high risks, additional measures may mitigate the initial risks to make them acceptable. These remaining risks are called residual risks.\u003C/p>",[242],{"id":243,"slug":244,"label":245,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":246,"typeIndex":247,"typeColor":9,"typeIcon":9,"typeText":248,"dynamicSelectType":249,"dynamicSelectTypeIndex":11,"dynamicSelectTypeColor":9,"dynamicSelectTypeIcon":9,"dynamicSelectTypeText":250,"editableOptions":35,"complianceRules":251,"displayConditions":9,"answers":252,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"81663109-a827-48fb-b44d-80df5c86cfc9","pia_311","What are the specific measures implemented on the data processing activity ?","DynamicMultiple",13,"Multiple dynamic select (stakeholders, security measures...)","SecurityMeasure","Measures",[],[],[],{"id":255,"slug":256,"label":257,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":258,"questions":259,"sections":348},"a495897c-3f1d-4b7d-b0cc-a13e958136e7","pia_32","Illegitimate access to data","\u003Ch3>This section allows you to assess the privacy risks, taking into account existing or planned measures.\u003C/h3>\u003Cp>\u003Cem>Analyze the causes and consequences of illegitimate access to data, and estimate its severity and likelihood.\u003C/em>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[260,270,278,286,292,326],{"id":261,"slug":262,"label":263,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":264,"min":9,"max":9,"regex":9,"unit":9,"type":265,"typeIndex":266,"typeColor":9,"typeIcon":9,"typeText":267,"dynamicSelectType":9,"editableOptions":32,"complianceRules":268,"displayConditions":9,"answers":269,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"960c45db-6b52-4c89-902a-f22fccd4df56","pia_321","What might be the main impacts on those affected if the risk were to occur?","Enter an impact title","Tags",11,"Tags select",[],[],{"id":271,"slug":272,"label":273,"tooltipHtml":274,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":275,"min":9,"max":9,"regex":9,"unit":9,"type":265,"typeIndex":266,"typeColor":9,"typeIcon":9,"typeText":267,"dynamicSelectType":9,"editableOptions":32,"complianceRules":276,"displayConditions":9,"answers":277,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"91738af2-b796-4790-8fda-48033f28f6ce","pia_322","What are the main threats that could allow the risk to occur?","\u003Cp>Operating mode consisting of one or more unitary actions on data media / carriers. The threat may be used, intentionally or not, by sources of risk, and may then cause a feared event.\u003C/p>","Enter a threat title",[],[],{"id":279,"slug":280,"label":281,"tooltipHtml":282,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":283,"min":9,"max":9,"regex":9,"unit":9,"type":265,"typeIndex":266,"typeColor":9,"typeIcon":9,"typeText":267,"dynamicSelectType":9,"editableOptions":32,"complianceRules":284,"displayConditions":9,"answers":285,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"c1a1a5d5-06c6-42e8-a7fb-c4448ba2d366","pia_323","What sources of risk could they be?","\u003Cp>An individual, internal or external to the organisation, acting accidentally or deliberately (e.g. IT administrator, user, external attacker, competitor), or a non-human source (e.g. water, hazardous materials, non-targeted computer virus) who may be the source of a risk.\u003C/p>","Enter a risk source title",[],[],{"id":287,"slug":288,"label":289,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":246,"typeIndex":247,"typeColor":9,"typeIcon":9,"typeText":248,"dynamicSelectType":249,"dynamicSelectTypeIndex":11,"dynamicSelectTypeColor":9,"dynamicSelectTypeIcon":9,"dynamicSelectTypeText":250,"editableOptions":35,"complianceRules":290,"displayConditions":9,"answers":291,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"0b942221-b3dd-4657-bfe4-c219523bc9ad","pia_324","What existing measures help address the risk?",[],[],{"id":293,"slug":294,"label":295,"tooltipHtml":296,"descriptionHtml":297,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":298,"displayConditions":9,"answers":299,"listQuestions":9,"required":35,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"5e1f58ec-31f1-4054-bfc4-6919d63d4488","pia_325","How do you estimate the severity of the risk, including potential impacts and initial actions?","\u003Cp>Severity represents the extent of a risk. It depends essentially on the detrimental nature of the potential impacts.\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Negligible:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>The people concerned will not be affected or may experience some inconvenience, which they will overcome without difficulty.Examples of impacts:- physical: temporary headaches- material: loss of time in repeating procedures or waiting to carry them out, re-use of data for targeted advertising of everyday consumer products, etc.,- moral: simple annoyance, feeling of invasion of privacy without real harm (commercial intrusion), etc.\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Limited:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>The people concerned could experience significant inconvenience, which they will be able to overcome despite some difficultiesExamples of impacts:- physical: minor physical ailment (e.g.: benign illness following non-compliance with contra-indications), defamation giving rise to physical reprisals, etc.- material: unscheduled payments (e.g.: unpaid invoices), etc.- moral: simple annoyance, feeling of invasion of privacy without any real prejudice (commercial intrusion), etc. material: unscheduled payments (e.g. erroneous fines), refusal of access to administrative or commercial services, targeted online advertising on an aspect of privacy that the person wished to keep confidential, etc. - moral: minor but objective psychological harm, feeling of invasion of privacy without irremediable harm, intimidation on social networks, etc.\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Important:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>The people concerned could experience significant consequences, which they should be able to overcome, but with real and significant difficultiesExamples of impacts:- physical: serious physical ailment causing long-term damage (worsening of the state of health following poor treatment, or failure to comply with contraindications), alteration of physical integrity, etc.- material: embezzlement of money that is not irreversible (e.g. the loss of a car, the loss of a car, etc.). material: embezzlement of uncompensated money, targeted, one-off and non-recurring opportunities lost (mortgage, studies, work placements or employment, exam ban), loss of accommodation, loss of employment, etc. - moral: serious psychological condition (depression, phobia), feeling of invasion of privacy and irremediable harm, victim of blackmail, cyberbullying and mobbing, etc.\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Maximum:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>The people concerned could suffer significant, even irremediable, consequences that they may not be able to overcome. Examples of impacts:\u003C/p>\u003Cul>\u003Cli>\u003Cp>physical: long-term or permanent physical ailment, permanent impairment of physical integrity, death\u003C/p>\u003C/li>\u003Cli>\u003Cp>material: financial peril, major debts, inability to work, inability to find alternative accommodation, loss of evidence in legal proceedings, loss of access to vital infrastructure (water, electricity), etc.\u003C/p>\u003C/li>\u003Cli>\u003Cp>moral: long-term or permanent psychological illness, criminal sanction, abduction, loss of family ties, inability to go to court, change of administrative status and/or loss of legal autonomy (guardianship), etc.\u003C/p>\u003C/li>\u003C/ul>","",[],[300,304,309,314,320],{"id":301,"color":9,"rangeValue":9,"label":302,"slug":9,"description":9,"score":20,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":303},"3cb39ec4-c877-4df5-aed6-1ce3207a884f","(Not defined)",[],{"id":305,"color":306,"rangeValue":9,"label":307,"slug":9,"description":9,"score":11,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":308},"20f03cea-011e-4273-83e6-149eb36a9597","#1ab586","Negligible",[],{"id":310,"color":311,"rangeValue":9,"label":312,"slug":9,"description":9,"score":30,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":313},"92765ff2-cf52-43d0-8d59-ad1edeb572bc","#ffc107","Limited",[],{"id":315,"color":316,"rangeValue":9,"label":317,"slug":9,"description":9,"score":318,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":319},"ed3cb341-4b12-4688-899d-345eeb6c05a9","#E7630A","Important",3,[],{"id":321,"color":322,"rangeValue":9,"label":323,"slug":9,"description":9,"score":324,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":325},"5a9c002d-a633-4799-a21c-13f9518586a6","#dc3545","Maximum",4,[],{"id":327,"slug":328,"label":329,"tooltipHtml":330,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":331,"displayConditions":9,"answers":332,"listQuestions":9,"required":35,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"f1e0e5b1-1d73-4ac2-9217-9e98dec421db","pia_326","How do you estimate the likelihood of risk, including threats, sources of risk, and initial actions?","\u003Cp>The likelihood of a risk occurring. It depends essentially on the vulnerability of the media to the threats and the ability of the sources of risk to exploit them.\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Negligible:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>It does not seem possible that the selected risk sources could carry out the threat based on the characteristics of the media (e.g. theft of paper media stored in an organisation's premises to which access is controlled by badge and access code).\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Limited:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>It seems difficult for the selected sources of risk to carry out the threat based on the characteristics of the media (e.g. theft of paper media stored in an organisation's premises to which access is controlled by badge).\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Important:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>it seems possible for the selected risk sources to carry out the threat based on the characteristics of the media (e.g. theft of paper media stored in the offices of an organisation to which access is controlled by a receptionist).\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Maximum:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>it seems extremely easy for the selected risk sources to carry out the threat based on the characteristics of the media (e.g. theft of paper media stored in the organisation's public hall).\u003C/p>",[],[333,336,339,342,345],{"id":334,"color":9,"rangeValue":9,"label":302,"slug":9,"description":9,"score":20,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":335},"0004b9c2-ce14-480e-a105-61c5ad42357c",[],{"id":337,"color":306,"rangeValue":9,"label":307,"slug":9,"description":9,"score":11,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":338},"aa4eb604-9f66-4a36-969c-b1306a1ac499",[],{"id":340,"color":311,"rangeValue":9,"label":312,"slug":9,"description":9,"score":30,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":341},"d1f4b2e4-1814-453b-b6cf-5539efb13ee4",[],{"id":343,"color":316,"rangeValue":9,"label":317,"slug":9,"description":9,"score":318,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":344},"b9fcf502-0b64-4986-a1fe-be3b0d803f75",[],{"id":346,"color":322,"rangeValue":9,"label":323,"slug":9,"description":9,"score":324,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":347},"6a5e6a27-b82c-4735-bda9-a6416c6e859c",[],[],{"id":350,"slug":351,"label":352,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":353,"questions":354,"sections":415},"520ce8cb-37bb-481a-939e-7d045db66c85","pia_33","Unwanted modification of data","\u003Ch3>This section allows you to assess the privacy risks, taking into account existing or planned measures.\u003C/h3>\u003Cp>\u003Cem>Analyze the causes and consequences of an unwanted data change, and estimate its severity and likelihood.\u003C/em>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[355,360,365,370,375,395],{"id":356,"slug":357,"label":263,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":265,"typeIndex":266,"typeColor":9,"typeIcon":9,"typeText":267,"dynamicSelectType":9,"editableOptions":32,"complianceRules":358,"displayConditions":9,"answers":359,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"de2b59a1-df03-4374-b45e-be2324719258","pia_331",[],[],{"id":361,"slug":362,"label":273,"tooltipHtml":274,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":265,"typeIndex":266,"typeColor":9,"typeIcon":9,"typeText":267,"dynamicSelectType":9,"editableOptions":32,"complianceRules":363,"displayConditions":9,"answers":364,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"75630f9c-ff10-448c-9736-dbc68863bec5","pia_332",[],[],{"id":366,"slug":367,"label":281,"tooltipHtml":282,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":265,"typeIndex":266,"typeColor":9,"typeIcon":9,"typeText":267,"dynamicSelectType":9,"editableOptions":32,"complianceRules":368,"displayConditions":9,"answers":369,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"a8a6c295-f699-47da-83d2-d4fb647645cc","pia_333",[],[],{"id":371,"slug":372,"label":289,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":246,"typeIndex":247,"typeColor":9,"typeIcon":9,"typeText":248,"dynamicSelectType":249,"dynamicSelectTypeIndex":11,"dynamicSelectTypeColor":9,"dynamicSelectTypeIcon":9,"dynamicSelectTypeText":250,"editableOptions":35,"complianceRules":373,"displayConditions":9,"answers":374,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"c0c2fc93-418f-4009-8ffa-9aa6b3f3d4b6","pia_334",[],[],{"id":376,"slug":377,"label":295,"tooltipHtml":296,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":378,"displayConditions":9,"answers":379,"listQuestions":9,"required":35,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"6b0508db-97e1-4825-b89a-2dd8d8b3ace1","pia_335",[],[380,383,386,389,392],{"id":381,"color":9,"rangeValue":9,"label":302,"slug":9,"description":9,"score":20,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":382},"5686c651-3c58-45e6-84c4-b3412e8c9fd2",[],{"id":384,"color":306,"rangeValue":9,"label":307,"slug":9,"description":9,"score":11,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":385},"b658c468-2336-4602-ad1d-17a44eedbf9e",[],{"id":387,"color":311,"rangeValue":9,"label":312,"slug":9,"description":9,"score":30,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":388},"d76097cc-0d00-487e-9ec6-d28b314c8dfc",[],{"id":390,"color":316,"rangeValue":9,"label":317,"slug":9,"description":9,"score":318,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":391},"27a1abc5-41cf-451d-9ff3-1cda85fd87e8",[],{"id":393,"color":322,"rangeValue":9,"label":323,"slug":9,"description":9,"score":324,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":394},"2d7b1abf-6333-4869-8fe4-aa62445de609",[],{"id":396,"slug":397,"label":329,"tooltipHtml":330,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":398,"displayConditions":9,"answers":399,"listQuestions":9,"required":35,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"80dc6a93-dc46-4a97-8deb-50d6839d8eff","pia_336",[],[400,403,406,409,412],{"id":401,"color":9,"rangeValue":9,"label":302,"slug":9,"description":9,"score":20,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":402},"978307b8-140a-443f-b40c-22ba81473686",[],{"id":404,"color":306,"rangeValue":9,"label":307,"slug":9,"description":9,"score":11,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":405},"88411825-9f7f-4c0d-ba43-0081e390c772",[],{"id":407,"color":311,"rangeValue":9,"label":312,"slug":9,"description":9,"score":30,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":408},"6c273ece-827e-4f8f-8d88-303346f603cd",[],{"id":410,"color":316,"rangeValue":9,"label":317,"slug":9,"description":9,"score":318,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":411},"fa332e79-bfdf-4476-946b-a900243251ff",[],{"id":413,"color":322,"rangeValue":9,"label":323,"slug":9,"description":9,"score":324,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":414},"03f2cf50-38ce-4560-95a9-164cb1e65411",[],[],{"id":417,"slug":418,"label":419,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":420,"questions":421,"sections":482},"c38afad5-0724-4ae3-a35d-3ab799c0e4c3","pia_34","Disappearance of data","\u003Ch3>This section allows you to assess the privacy risks, taking into account existing or planned measures.\u003C/h3>\u003Cp>\u003Cem>Analyze the causes and consequences of a data loss, and estimate its severity and likelihood.\u003C/em>\u003C/p>\u003Cp>\u003Cbr>\u003C/p>",[422,427,432,437,442,462],{"id":423,"slug":424,"label":263,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":265,"typeIndex":266,"typeColor":9,"typeIcon":9,"typeText":267,"dynamicSelectType":9,"editableOptions":32,"complianceRules":425,"displayConditions":9,"answers":426,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"2597e42c-9af2-4517-a425-3bff84b89e1e","pia_341",[],[],{"id":428,"slug":429,"label":273,"tooltipHtml":274,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":265,"typeIndex":266,"typeColor":9,"typeIcon":9,"typeText":267,"dynamicSelectType":9,"editableOptions":32,"complianceRules":430,"displayConditions":9,"answers":431,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"c0ee5fad-e11a-400f-8366-d39cd8696f58","pia_342",[],[],{"id":433,"slug":434,"label":281,"tooltipHtml":282,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":265,"typeIndex":266,"typeColor":9,"typeIcon":9,"typeText":267,"dynamicSelectType":9,"editableOptions":32,"complianceRules":435,"displayConditions":9,"answers":436,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"1933fc5e-b8a5-4b17-809c-de192e534905","pia_343",[],[],{"id":438,"slug":439,"label":289,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":246,"typeIndex":247,"typeColor":9,"typeIcon":9,"typeText":248,"dynamicSelectType":249,"dynamicSelectTypeIndex":11,"dynamicSelectTypeColor":9,"dynamicSelectTypeIcon":9,"dynamicSelectTypeText":250,"editableOptions":35,"complianceRules":440,"displayConditions":9,"answers":441,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"7fee73f6-3032-4525-b713-134126faa2ce","pia_344",[],[],{"id":443,"slug":444,"label":295,"tooltipHtml":296,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":445,"displayConditions":9,"answers":446,"listQuestions":9,"required":35,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"2e3771b3-4d39-4f1b-b20a-9dd820a4f2da","pia_345",[],[447,450,453,456,459],{"id":448,"color":9,"rangeValue":9,"label":302,"slug":9,"description":9,"score":20,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":449},"48f47062-9b06-4cb8-88e2-635d4954b706",[],{"id":451,"color":306,"rangeValue":9,"label":307,"slug":9,"description":9,"score":11,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":452},"4762aa22-31e1-4589-8b8c-cf80ade928fc",[],{"id":454,"color":311,"rangeValue":9,"label":312,"slug":9,"description":9,"score":30,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":455},"800f414c-9f5e-4159-804f-227b4dbd4a62",[],{"id":457,"color":316,"rangeValue":9,"label":317,"slug":9,"description":9,"score":318,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":458},"bbeac69c-0ade-4f2a-8577-da9efeaad535",[],{"id":460,"color":322,"rangeValue":9,"label":323,"slug":9,"description":9,"score":324,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":461},"797e57b8-198a-48e6-9648-96cb1c3e0070",[],{"id":463,"slug":464,"label":329,"tooltipHtml":330,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":465,"displayConditions":9,"answers":466,"listQuestions":9,"required":35,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"45d60488-e777-42ee-bc9e-8f298f685869","pia_346",[],[467,470,473,476,479],{"id":468,"color":9,"rangeValue":9,"label":302,"slug":9,"description":9,"score":20,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":469},"4b64135c-53d1-4ba6-9105-92fd285d7e5a",[],{"id":471,"color":306,"rangeValue":9,"label":307,"slug":9,"description":9,"score":11,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":472},"dcdd2aaa-a8f9-4892-9216-21318239e566",[],{"id":474,"color":311,"rangeValue":9,"label":312,"slug":9,"description":9,"score":30,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":475},"468fabee-0826-4dc7-a087-43413631a7ee",[],{"id":477,"color":316,"rangeValue":9,"label":317,"slug":9,"description":9,"score":318,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":478},"4007b7f0-dece-4001-9078-07b4f00f262d",[],{"id":480,"color":322,"rangeValue":9,"label":323,"slug":9,"description":9,"score":324,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":481},"8caddc7a-6b52-4ec0-bbf6-e9016bd5bad4",[],[],{"id":484,"slug":485,"label":486,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":487,"sections":488},"53aea708-1f30-4d53-b497-eec41e8cb440","measures-envisaged-to-reduce-risks","Measures envisaged to reduce risks",[],[489,551,610],{"id":490,"slug":491,"label":492,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":493,"questions":494,"sections":550},"3e9f1e66-bcb1-4998-98bc-25c46e5e9547","pia_todo_32","Measures to reduce the risk of unauthorized access","\u003Cp>This section assesses the initial risks after implementing additional measures to mitigate those risks.\u003C/p>\u003Cp>Based on the measures considered, assess the level of severity and likelihood of the residual risk of illegitimate access to data.\u003C/p>",[495,501,507,528],{"id":496,"slug":497,"label":498,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":246,"typeIndex":247,"typeColor":9,"typeIcon":9,"typeText":248,"dynamicSelectType":249,"dynamicSelectTypeIndex":11,"dynamicSelectTypeColor":9,"dynamicSelectTypeIcon":9,"dynamicSelectTypeText":250,"editableOptions":35,"complianceRules":499,"displayConditions":9,"answers":500,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"fe12387c-97f7-4fc4-b119-655a071328ea","pia_todo_324","What measures are being considered to address the risk of illegitimate access to data?",[],[],{"id":502,"slug":503,"label":504,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":505,"displayConditions":9,"answers":506,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"b7d17d52-d4c0-4ac1-a3cb-540440d11220","pia_todo_321","Provide details of the action plan you will implement",[],[],{"id":508,"slug":509,"label":510,"tooltipHtml":296,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":511,"displayConditions":9,"answers":512,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"ed1a1218-cb94-4a48-bc5c-bcdabf1c1b47","pia_todo_325","How do you estimate the severity of the risk, particularly in terms of potential impacts and planned measures?",[],[513,516,519,522,525],{"id":514,"color":9,"rangeValue":9,"label":302,"slug":9,"description":9,"score":20,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":515},"815959f6-ccc0-42b1-b6bb-a16f4c816a6d",[],{"id":517,"color":306,"rangeValue":9,"label":307,"slug":9,"description":9,"score":11,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":518},"251c93b8-0679-47d4-a1a2-4aa2823e321e",[],{"id":520,"color":311,"rangeValue":9,"label":312,"slug":9,"description":9,"score":30,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":521},"3509a001-1103-4a45-875a-30124e5cdbf3",[],{"id":523,"color":316,"rangeValue":9,"label":317,"slug":9,"description":9,"score":318,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":524},"ff9b38b3-e11d-41d0-bb19-5703ae553de9",[],{"id":526,"color":322,"rangeValue":9,"label":323,"slug":9,"description":9,"score":324,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":527},"4b2d02f7-7f8e-4c59-9b10-2cb932dd8262",[],{"id":529,"slug":530,"label":531,"tooltipHtml":532,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":533,"displayConditions":9,"answers":534,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"7872c46a-b736-4842-9e4f-4e150d640b66","pia_todo_326","How do you assess the likelihood of the risk, particularly in terms of the threats, sources of risk and measures envisaged?","\u003Cp>The likelihood of a risk occurring. It depends essentially on the vulnerability of the media to the threats and the ability of the sources of risk to exploit them.\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Negligible:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>It does not seem possible that the selected risk sources could carry out the threat based on the characteristics of the media (e.g. theft of paper media stored in an organisation's premises to which access is controlled by badge and access code).\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Limited:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>It seems difficult for the selected sources of risk to carry out the threat based on the characteristics of the media (e.g. theft of paper media stored in an organisation's premises to which access is controlled by badge).\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Important:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>it seems possible for the selected risk sources to carry out the threat based on the characteristics of the media (e.g. theft of paper media stored in the offices of an organisation to which access is controlled by a receptionist).\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Maximum :\u003C/u>\u003C/strong>\u003C/p>\u003Cp>it seems extremely easy for the selected risk sources to carry out the threat based on the characteristics of the media (e.g. theft of paper media stored in the organisation's public hall).\u003C/p>",[],[535,538,541,544,547],{"id":536,"color":9,"rangeValue":9,"label":302,"slug":9,"description":9,"score":20,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":537},"ed29676a-7d62-4684-b36a-38745a43ff1f",[],{"id":539,"color":306,"rangeValue":9,"label":307,"slug":9,"description":9,"score":11,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":540},"33605fa1-527a-4b4b-b9c1-340ebe55e6eb",[],{"id":542,"color":311,"rangeValue":9,"label":312,"slug":9,"description":9,"score":30,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":543},"0ab395ed-1b41-439c-8e33-abdc0fd36fd0",[],{"id":545,"color":316,"rangeValue":9,"label":317,"slug":9,"description":9,"score":318,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":546},"d13b6f04-4e53-480d-896e-adf022a4d209",[],{"id":548,"color":322,"rangeValue":9,"label":323,"slug":9,"description":9,"score":324,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":549},"f50c2bbe-d4b4-4ed2-b996-7d0cd16feceb",[],[],{"id":552,"slug":553,"label":554,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":555,"questions":556,"sections":609},"699aca21-e167-406c-b77c-6c0bdad8498e","pia_todo_33","Measures to reduce the risk of unwanted data modification","\u003Cp>This section assesses the initial risks after implementing additional measures to mitigate those risks.\u003C/p>\u003Cp>Based on the measures considered, assess the level of severity and likelihood of the residual risk of unwanted data change.\u003C/p>",[557,563,568,588],{"id":558,"slug":559,"label":560,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":246,"typeIndex":247,"typeColor":9,"typeIcon":9,"typeText":248,"dynamicSelectType":249,"dynamicSelectTypeIndex":11,"dynamicSelectTypeColor":9,"dynamicSelectTypeIcon":9,"dynamicSelectTypeText":250,"editableOptions":35,"complianceRules":561,"displayConditions":9,"answers":562,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"6ca909b6-dc4b-41f4-b740-b711cb82c7d7","pia_todo_334","What measures are being considered to address the risk of unwanted data modification?",[],[],{"id":564,"slug":565,"label":504,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":566,"displayConditions":9,"answers":567,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"c761deb8-7314-4964-a51a-9d27a37573e0","pia_todo_331",[],[],{"id":569,"slug":570,"label":510,"tooltipHtml":296,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":571,"displayConditions":9,"answers":572,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"8a84688d-1923-4b43-a676-3f999eb5e2dc","pia_todo_335",[],[573,576,579,582,585],{"id":574,"color":9,"rangeValue":9,"label":302,"slug":9,"description":9,"score":20,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":575},"1547a33c-029b-46a9-af3f-c84a7470b1a6",[],{"id":577,"color":306,"rangeValue":9,"label":307,"slug":9,"description":9,"score":11,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":578},"b15b9969-4969-4a84-911b-95edbbc1eb62",[],{"id":580,"color":311,"rangeValue":9,"label":312,"slug":9,"description":9,"score":30,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":581},"07330d28-fff7-4dc1-929b-dfcf0f11d96a",[],{"id":583,"color":316,"rangeValue":9,"label":317,"slug":9,"description":9,"score":318,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":584},"8b7fd137-b364-4160-869f-7da606635826",[],{"id":586,"color":322,"rangeValue":9,"label":323,"slug":9,"description":9,"score":324,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":587},"02c6fa33-b2f1-4acd-b629-cc0cc6b02f31",[],{"id":589,"slug":590,"label":591,"tooltipHtml":330,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":592,"displayConditions":9,"answers":593,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"88b24eaa-dca6-4b15-a0b4-21c84d57e67f","pia_todo_336","How do you assess the likelihood of the risk, including the threats, sources of risk, and actions being considered?",[],[594,597,600,603,606],{"id":595,"color":9,"rangeValue":9,"label":302,"slug":9,"description":9,"score":20,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":596},"3562f97b-d73c-490c-ad23-2a9cff21cf59",[],{"id":598,"color":306,"rangeValue":9,"label":307,"slug":9,"description":9,"score":11,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":599},"0babf561-ae69-48df-bbf3-2943c4664490",[],{"id":601,"color":311,"rangeValue":9,"label":312,"slug":9,"description":9,"score":30,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":602},"5bb8dfbe-d03c-4417-8762-b56e3c674e24",[],{"id":604,"color":316,"rangeValue":9,"label":317,"slug":9,"description":9,"score":318,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":605},"b5fabf4c-67b2-40fa-8cba-bd54c6c23662",[],{"id":607,"color":322,"rangeValue":9,"label":323,"slug":9,"description":9,"score":324,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":608},"045bbf29-7337-4bd1-813b-30f90b292077",[],[],{"id":611,"slug":612,"label":613,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":614,"questions":615,"sections":668},"b732bb28-117c-4d2a-8c24-a3db3ccf3d80","pia_todo_34","Measures to reduce the risk of data loss","\u003Cp>This section assesses the initial risks after implementing additional measures to mitigate those risks.\u003C/p>\u003Cp>Based on the measures considered, assess the severity and likelihood of the residual risk that the data will disappear.\u003C/p>",[616,622,627,647],{"id":617,"slug":618,"label":619,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":246,"typeIndex":247,"typeColor":9,"typeIcon":9,"typeText":248,"dynamicSelectType":249,"dynamicSelectTypeIndex":11,"dynamicSelectTypeColor":9,"dynamicSelectTypeIcon":9,"dynamicSelectTypeText":250,"editableOptions":35,"complianceRules":620,"displayConditions":9,"answers":621,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"6349a44f-fdee-450e-ba4d-f6849f7879c6","pia_todo_344","What measures are being considered to address the risk of data loss?",[],[],{"id":623,"slug":624,"label":504,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":29,"typeIndex":30,"typeColor":9,"typeIcon":9,"typeText":31,"dynamicSelectType":9,"editableOptions":32,"complianceRules":625,"displayConditions":9,"answers":626,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"c1ed8bd9-5ccc-4515-b3d1-4f281304f23a","pia_todo_341",[],[],{"id":628,"slug":629,"label":510,"tooltipHtml":296,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":630,"displayConditions":9,"answers":631,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"bdce8d48-f548-4e16-8046-afe770aed27e","pia_todo_345",[],[632,635,638,641,644],{"id":633,"color":9,"rangeValue":9,"label":302,"slug":9,"description":9,"score":20,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":634},"7633e942-8a2e-4e9d-8308-d51c191edc47",[],{"id":636,"color":306,"rangeValue":9,"label":307,"slug":9,"description":9,"score":11,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":637},"20164212-29fb-487e-b506-cb034c8b2151",[],{"id":639,"color":311,"rangeValue":9,"label":312,"slug":9,"description":9,"score":30,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":640},"3eb7877f-c9d4-4531-bfd0-00f72ff9f0d8",[],{"id":642,"color":316,"rangeValue":9,"label":317,"slug":9,"description":9,"score":318,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":643},"4cbc9a78-c0a1-47f4-acb4-cdfbc920a9f8",[],{"id":645,"color":322,"rangeValue":9,"label":323,"slug":9,"description":9,"score":324,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":646},"fee0f867-b3da-4471-8537-1c7a41d132e4",[],{"id":648,"slug":649,"label":591,"tooltipHtml":650,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":651,"displayConditions":9,"answers":652,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"243ca5c0-cd64-4ba9-ac85-1e1373d61a7d","pia_todo_346","\u003Cp>he likelihood of a risk occurring. It depends essentially on the vulnerability of the media to the threats and the ability of the sources of risk to exploit them.\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Negligible:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>It does not seem possible that the selected risk sources could carry out the threat based on the characteristics of the media (e.g. theft of paper media stored in an organisation's premises to which access is controlled by badge and access code).\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Limited:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>It seems difficult for the selected sources of risk to carry out the threat based on the characteristics of the media (e.g. theft of paper media stored in an organisation's premises to which access is controlled by badge).\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Important:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>it seems possible for the selected risk sources to carry out the threat based on the characteristics of the media (e.g. theft of paper media stored in the offices of an organisation to which access is controlled by a receptionist).\u003C/p>\u003Cp>\u003Cstrong>\u003Cu>Maximum:\u003C/u>\u003C/strong>\u003C/p>\u003Cp>it seems extremely easy for the selected risk sources to carry out the threat based on the characteristics of the media (e.g. theft of paper media stored in the organisation's public hall).\u003C/p>",[],[653,656,659,662,665],{"id":654,"color":9,"rangeValue":9,"label":302,"slug":9,"description":9,"score":20,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":655},"176566fb-1c6a-49ad-8ffc-ca78c5c4ee0a",[],{"id":657,"color":306,"rangeValue":9,"label":307,"slug":9,"description":9,"score":11,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":658},"f26810b3-e280-4f3a-9467-7c2efafe9c09",[],{"id":660,"color":311,"rangeValue":9,"label":312,"slug":9,"description":9,"score":30,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":661},"42156446-de2b-4ca0-ba86-78e2e49a3a20",[],{"id":663,"color":316,"rangeValue":9,"label":317,"slug":9,"description":9,"score":318,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":664},"ec423e6c-ce80-40ef-a550-fb73fedf9f5f",[],{"id":666,"color":322,"rangeValue":9,"label":323,"slug":9,"description":9,"score":324,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":667},"cd7b8dc0-02b5-42a0-9956-cc881740d991",[],[],{"id":670,"slug":671,"label":672,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":673,"sections":674},"2835b56c-6f19-4a67-886c-44666951b61d","review-and-validation","Review and validation",[],[675,709,743],{"id":676,"slug":677,"label":678,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":679,"questions":680,"sections":708},"d6443435-0d88-4745-9736-b29b495d8a02","avis-des-personnes-concernees","Reviews of the persons concerned","\u003Cp>The collection of the opinion of the data subjects or their representatives is provided for in Article 35 (9) of the GDPR. It can be carried out using the following tools:\u003C/p>\u003Cul>\u003Cli>\u003Cp>An anonymous \"customer - employee\" survey;\u003C/p>\u003C/li>\u003Cli>\u003Cp>Feedback from the customer community;\u003C/p>\u003C/li>\u003Cli>\u003Cp>Studies from other similar analyses;\u003C/p>\u003C/li>\u003Cli>\u003Cp>Sociological research;\u003C/p>\u003C/li>\u003Cli>\u003Cp>Opinion polls or workshops.\u003C/p>\u003C/li>\u003C/ul>",[681,700],{"id":682,"slug":683,"label":684,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":685,"displayConditions":9,"answers":686,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"cc1e7a6d-2c3f-4833-bff6-5c4119145621","pia_has_concerned_people_opinion","Have you received the opinion of the persons concerned or their representatives?",[],[687,691],{"id":688,"color":9,"rangeValue":9,"label":689,"slug":9,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":690},"96e9a878-df04-4326-aa7f-ac1d5e6ef431","Yes",[],{"id":692,"color":9,"rangeValue":9,"label":693,"slug":9,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":694},"30742671-d24f-4ca8-a9e6-778fea7208c3","No",[695],{"id":696,"label":697,"userId":9,"color":9,"description":698,"priority":699,"priorityIndex":30,"priorityColor":311,"priorityIcon":9,"priorityText":699},"7fdac83d-2f1f-4c54-8a1a-6d20fdc71d93","Gather the review of the persons concerned by the processing","\u003Cp>The review can be recovered using the following tools:\u003C/p>\u003Cul>\u003Cli>\u003Cp>An anonymous \"customer-employee\" survey;\u003C/p>\u003C/li>\u003Cli>\u003Cp>Feedback from the customer community;\u003C/p>\u003C/li>\u003Cli>\u003Cp>Studies from other similar analyses;\u003C/p>\u003C/li>\u003Cli>\u003Cp>Sociological research;\u003C/p>\u003C/li>\u003Cli>\u003Cp>Opinion polls or workshops.\u003C/p>\u003C/li>\u003C/ul>","Medium",{"id":701,"slug":702,"label":703,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":704,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":705,"dynamicSelectType":9,"editableOptions":32,"complianceRules":706,"displayConditions":9,"answers":707,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"6a5a6612-2805-4f1b-988e-721afd81ef10","pia_concerned_people_opinion","Enter the review here","LongText","Long text",[],[],[],{"id":710,"slug":711,"label":712,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":9,"questions":713,"sections":742},"eea6375e-ccbe-473e-a7fa-d5c11118e158","avis-du-dpo-1","Review of the DPO",[714,729],{"id":715,"slug":716,"label":717,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":718,"displayConditions":9,"answers":719,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"6cac49a6-2da7-4dc8-8b7c-b3575c51abe0","has_dpo_opinion","Did you get the opinion of the DPO?",[],[720,723],{"id":721,"color":9,"rangeValue":9,"label":689,"slug":9,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":722},"38776a54-18b3-4e38-838e-f45d8425ab03",[],{"id":724,"color":9,"rangeValue":9,"label":693,"slug":9,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":725},"10c67b18-655a-4d42-9ebb-c71abb64e41e",[726],{"id":727,"label":728,"userId":9,"color":9,"description":297,"priority":699,"priorityIndex":30,"priorityColor":311,"priorityIcon":9,"priorityText":699},"5e057cd0-693b-4fab-b40a-0c22052cd2a2","Gather the opinion of the Data Protection Officer",{"id":730,"slug":731,"label":703,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":704,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":705,"dynamicSelectType":9,"editableOptions":32,"complianceRules":732,"displayConditions":733,"answers":741,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"71af9247-5d59-456d-9333-cca5658db7e4","pia_dpo_opinion",[],{"id":734,"separator":735,"field":9,"operator":736,"value":9,"rules":737},"e9d3bad4-ef19-4265-bfb5-d14e6dc8f701","And","equal",[738],{"id":739,"separator":9,"field":715,"operator":736,"value":721,"rules":740},"b0d722e3-34d8-412b-9cc0-10ba79cd21a0",[],[],[],{"id":744,"slug":745,"label":746,"emoji":9,"type":19,"typeIndex":20,"typeColor":9,"typeIcon":9,"typeText":21,"descriptionHtml":9,"questions":747,"sections":778},"09377ee5-ce9a-470d-9d74-35b65e2c0b9f","validation","Validation",[748,768],{"id":749,"slug":750,"label":751,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":138,"typeIndex":139,"typeColor":9,"typeIcon":9,"typeText":140,"dynamicSelectType":9,"editableOptions":32,"complianceRules":752,"displayConditions":9,"answers":753,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"8c63aebe-1929-497f-b67b-bf553c54fc42","is-the-validation-by-the-data-controller-formalized","Is the validation by the data controller formalized?",[],[754,759,763],{"id":755,"color":756,"rangeValue":9,"label":757,"slug":9,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":758},"90afe104-7533-4327-9c7e-28b66474708a","#6f42c1","Yes the analysis is validated and the risks are accepted",[],{"id":760,"color":311,"rangeValue":9,"label":761,"slug":9,"description":9,"score":9,"nonApplicable":32,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":762},"935dd948-f064-4848-a2ac-60d27959551d","No the analysis is not validated",[],{"id":764,"color":765,"rangeValue":9,"label":766,"slug":9,"description":9,"score":9,"nonApplicable":35,"tooltip":9,"goodAnswer":32,"redFlag":32,"impact":9,"probability":9,"taskSuggestions":767},"693617d9-09ca-419c-a23e-e7bcbb74ce7e","#b27320","Ongoing",[],{"id":769,"slug":770,"label":771,"tooltipHtml":9,"descriptionHtml":772,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":773,"typeIndex":774,"typeColor":9,"typeIcon":9,"typeText":775,"dynamicSelectType":9,"editableOptions":32,"complianceRules":776,"displayConditions":9,"answers":777,"listQuestions":9,"required":32,"requiredJustification":32,"suggestTask":32,"riskEnabled":35,"native":32},"e18dcc2e-cfae-4d46-87d5-68c1a0509157","joindre-lanalyse-signee","Attach the signed analysis","\u003Cp>The analysis must be signed by the data controller. In this case it will be the legal responsible of the organization or his representative.\u003C/p>","Attachments",12,"Files (attachments drop)",[],[],[],[],"b7fde3de-99e2-4e62-17f3-08da42104674","1.0","PIA (CNIL) - Privacy Impact Analysis","FuhY9ROUUja8L75NdKQL4siWyGxtvYN0UGk5KLZxRTbOM38ricNYnq8hTvXJ","Dastra - 1.1","https://static.dastra.eu/tenant-3/audit/0DpKLMnqk1xPNj/sans-titre-4-150.png","Template allowing to analyze the risks on privacy according to the CNIL's method. \nIt is possible to import the PIA realized with the CNIL tool on this template.\n\nVersion 1.0","2022-05-30T07:53:24.1352807","2026-04-09T15:25:35.7168132","PIA","Privacy impact assessment (DPIA)",{"id":792,"displayName":793,"familyName":794,"givenName":795,"email":796,"active":35,"color":797,"avatarUrl":798,"tenantId":20},38,"Paul-Emmanuel Bidault","Bidault","Paul-Emmanuel","paulemmanuel.bidault@dastra.eu","#FA4115","https://static.dastra.eu/tenant-27/avatar/38/paul-emmanuel-bidault-150.jpg","DataProcessing","ds-icon-data-processing","Processing activity",[803],{"id":804,"displayName":805,"familyName":794,"givenName":806,"email":807,"active":35,"color":808,"avatarUrl":9,"tenantId":20},39,"Antoine Bidault","Antoine","antoine.bidault@dastra.eu","#197BBD",[810,818],{"id":811,"label":789,"type":812,"typeIndex":813,"typeColor":814,"typeIcon":815,"typeText":816,"color":817},"ff1dbf03-7561-4b63-996b-e899af94bb9a","AuditTemplate",9,"#83d162","ds-icon-audit","Questionnaire template","#C75FFC",{"id":819,"label":820,"type":812,"typeIndex":813,"typeColor":814,"typeIcon":815,"typeText":816,"color":821},"0e3edde6-fe96-4b8e-8572-e8b4a7063dba","GDPR","#F479D9",57,6]