[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fFetge2BmmFgc4PnqltApaxEEEeAwYiw_lQvcYTcaThg":3},{"sections":4,"resultAnalysis":672,"id":916,"version":917,"newVersion":21,"label":918,"isPinned":34,"isShared":34,"sharingToken":919,"isRevision":21,"isBlockAnalysisShared":34,"nbReferences":191,"referenceId":9,"nbResponses":11,"parentId":9,"revisionDescription":9,"logoUrl":920,"description":921,"scheduleIntervalDays":9,"versionNumber":28,"dateCreation":922,"dateUpdate":923,"dateArchived":9,"archived":21,"type":924,"typeIndex":925,"typeColor":9,"typeIcon":9,"typeText":926,"creator":927,"objectType":9,"defaultOwners":935,"tags":942,"privacyHubs":9,"nbQuestions":952,"nbQuestionsRequired":11,"nbDatas":11,"deadLineDays":9},[5,72,175,368,415,488,568],{"id":6,"slug":7,"label":8,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":13,"sections":71},"07672e02-1ed8-4ea1-b69d-fcdf8e4d50da","initial","General",null,"Default",0,"SectionType_Default",[14,35,49],{"id":15,"slug":16,"label":17,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":22,"displayConditions":9,"answers":23,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"aa325032-49d6-41ae-91b7-2a5d64715faa","a24c5d23-4e37-4730-b80d-e748eb7e869b","When did the GDPR come into force? ","Radio",7,"Unique choice list",false,[],[24,30],{"id":25,"color":26,"rangeValue":9,"label":27,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":29},"0d23c141-3b27-423e-9393-e4d984a5059f","#ffffff","25 May 2018",1,[],{"id":31,"color":26,"rangeValue":9,"label":32,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":33},"be757c7b-c13f-4b2b-9456-1532c88ab48b","24 May 2016",[],true,{"id":36,"slug":37,"label":38,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":39,"displayConditions":9,"answers":40,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"fe3133dc-6986-464c-b24a-1087f437c337","640eb278-5c81-4dab-8928-a0933541c6df","What is the purpose of the GDPR? ",[],[41,45],{"id":42,"color":26,"rangeValue":9,"label":43,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":44},"52b56a44-6a7d-4bec-88cf-e5ee68ee2076","Strengthening consumer confidence in digital services",[],{"id":46,"color":26,"rangeValue":9,"label":47,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":48},"0c6bb17e-98b3-46b5-994e-7f062e7a1041","Strengthening the framework for practices relating to the collection and use of personal data",[],{"id":50,"slug":51,"label":52,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":53,"displayConditions":9,"answers":54,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"176ade0d-2aa1-42f9-835d-99d5fbbcae46","who-is-affected-by-the-GDPR-","Who is affected by the GDPR?",[],[55,59,63,67],{"id":56,"color":26,"rangeValue":9,"label":57,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":58},"c7ed634d-a2b6-4e0d-b06e-5c83e4d0d880","Private organisations established on the territory of the European Union processing personal data",[],{"id":60,"color":26,"rangeValue":9,"label":61,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":62},"b51d0526-58b3-4758-9c18-f27528fe9b87","Public bodies established on the territory of the European Union processing personal data",[],{"id":64,"color":9,"rangeValue":9,"label":65,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":66},"02de59cc-8a42-4333-b035-767b1972e176","Private or public organisations established within the European Union ",[],{"id":68,"color":9,"rangeValue":9,"label":69,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":70},"714db8d1-16f1-40c4-94d1-1af5acdf8b10","Private or public bodies processing personal data established on the territory of the European Union or if their activity directly targets European residents",[],[],{"id":73,"slug":74,"label":75,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":76,"sections":174},"c9a411fb-fc19-45b2-b5c6-fd5cd329006b","personal-data-and-personal-data-processing","Personal data and the processing of personal data",[77,91,107,117,129,139,153],{"id":78,"slug":79,"label":80,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":81,"displayConditions":9,"answers":82,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"a4bd4db1-13f0-4736-9d75-519d93f48295","quest-ce-quune-donnee-personnelle-","What is personal data? ",[],[83,87],{"id":84,"color":26,"rangeValue":9,"label":85,"slug":9,"description":9,"score":9,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":86},"bfc1f3fe-78c4-499c-abed-00d88c02d254","Any information relating to an identified natural person",[],{"id":88,"color":26,"rangeValue":9,"label":89,"slug":9,"description":9,"score":9,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":90},"588a87aa-81b5-4741-9696-756a8baea5b6","Any information relating to an identified or identifiable natural person",[],{"id":92,"slug":93,"label":94,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":95,"displayConditions":9,"answers":96,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"bc9b3127-8aef-495d-a0d9-35a9f2247c5f","une-donnee-chiffre-demeure-une-donnee-personnelle-_1","Does encrypted data remain personal data?",[],[97,102],{"id":98,"color":99,"rangeValue":9,"label":100,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":101},"7c789ba6-c075-4a11-9a59-1ed205afd646","#1ab586","Yes",[],{"id":103,"color":104,"rangeValue":9,"label":105,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":106},"b755a276-7cf0-4143-88ea-e8899813cce2","#dc3545","No",[],{"id":108,"slug":109,"label":110,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":111,"displayConditions":9,"answers":112,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"e03fdb25-8e96-4d45-be4e-a529b4349ecf","une-donnee-chiffre-demeure-une-donnee-personnelle-","An encrypted data remains a personal data ?",[],[113,115],{"id":98,"color":99,"rangeValue":9,"label":100,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":114},[],{"id":103,"color":104,"rangeValue":9,"label":105,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":116},[],{"id":118,"slug":119,"label":120,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":121,"displayConditions":9,"answers":122,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"2f6506e2-1260-4f8f-ac67-94190e6a4ba9","une-donnee-anonymisee-demeure-une-donnee-personnelle-_1","Anonymised data remains personal data?",[],[123,126],{"id":124,"color":99,"rangeValue":9,"label":100,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":125},"09a32dd4-fafa-4e4a-9c42-356bb2add5ab",[],{"id":127,"color":104,"rangeValue":9,"label":105,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":128},"5a17034e-59be-41a4-856b-6e1d6efbb767",[],{"id":130,"slug":131,"label":132,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":133,"displayConditions":9,"answers":134,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"003515ba-6b10-4dbc-bb14-6dcc2f5265bb","une-donnee-anonymisee-demeure-une-donnee-personnelle-","Pseudonymised data is still personal data?",[],[135,137],{"id":124,"color":99,"rangeValue":9,"label":100,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":136},[],{"id":127,"color":104,"rangeValue":9,"label":105,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":138},[],{"id":140,"slug":141,"label":142,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":143,"displayConditions":9,"answers":144,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"dc9169e9-0373-48c9-aa9d-d97228cfa799","quest-ce-quun-traitement-de-donnees-personnelles-","What is personal data processing? ",[],[145,149],{"id":146,"color":26,"rangeValue":9,"label":147,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":148},"f4a14ff9-695a-41be-9c1e-b34e48ddaad0","Any operation or set of operations on data or data sets, whether or not performed by automated means",[],{"id":150,"color":26,"rangeValue":9,"label":151,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":152},"b09839ff-7fff-47ef-a20e-fc492047590e","Any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means",[],{"id":154,"slug":155,"label":156,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":157,"displayConditions":9,"answers":158,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"8373af26-e0fe-4607-ae2d-1ba82611f185","personal-data-collected-for-data-processing-are-freely-preserved-","Can personal data collected for data processing be retained for an unlimited period of time?",[],[159,163,167,171],{"id":160,"color":26,"rangeValue":9,"label":161,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":162},"5b02820e-0a67-455a-992a-73edd478ce77","Yes in the public sector",[],{"id":164,"color":26,"rangeValue":9,"label":165,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":166},"dd52f01f-559a-4bde-a0b2-e02f8cdabe03","Yes in the private sector",[],{"id":168,"color":9,"rangeValue":9,"label":169,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":170},"5efefdf7-5e2e-4d4e-be13-bdc0ece7e365","Yes in the private and public sector",[],{"id":172,"color":9,"rangeValue":9,"label":105,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":173},"52ebafa3-5ab9-4ca9-9322-7ca81c6d5572",[],[],{"id":176,"slug":177,"label":178,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":179,"sections":180},"b3be326a-d9f5-4211-bb25-77a4a413877c","the-different-roles","The different roles",[],[181,264,304,336],{"id":182,"slug":183,"label":184,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":185,"sections":263},"4dceb129-e472-4583-b4dc-56b0f97d7a5c","dpo-2-3-4","DPO",[186,207,221,233,245],{"id":187,"slug":188,"label":189,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":190,"typeIndex":191,"typeColor":9,"typeIcon":9,"typeText":192,"dynamicSelectType":9,"editableOptions":21,"complianceRules":193,"displayConditions":9,"answers":194,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"6887ae06-0c83-4f71-982f-8319d4e0e9c0","quest-ce-quun-dpo-","What is a DPO?","Checkbox",8,"Multi choice list",[],[195,199,203],{"id":196,"color":9,"rangeValue":9,"label":197,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":198},"59e817fa-2ec7-43c5-a384-15a70b30553d","A data protection officer",[],{"id":200,"color":9,"rangeValue":9,"label":201,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":202},"fcc9a273-8b41-42dc-a5ba-54252b0eef8e","Un data protection officer",[],{"id":204,"color":9,"rangeValue":9,"label":205,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":206},"c27a00b1-a4e0-4968-85ad-36a1fff81273","This is a controller",[],{"id":208,"slug":209,"label":210,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":211,"displayConditions":9,"answers":212,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"30537f88-769e-466d-9c21-b5fd9333f3bd","quel-est-le-role-du-dpo-","What is the role of the DPO?",[],[213,217],{"id":214,"color":26,"rangeValue":9,"label":215,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":216},"bf21d479-deb0-42ce-b5ff-228a8953a855","Responsible for the overall management of the application of the GDPR",[],{"id":218,"color":26,"rangeValue":9,"label":219,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":220},"0e216b7c-8c25-40d2-ade3-0c281ae2565b","Advise and support the organisation in achieving GDPR compliance",[],{"id":222,"slug":223,"label":224,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":225,"displayConditions":9,"answers":226,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"8e0d69fc-baf9-4fe3-99b6-f34f50207dd8","le-dpo-est-necessairement-un-avocat-ou-juriste-","The DPO is necessarily a lawyer or jurist ?",[],[227,230],{"id":228,"color":99,"rangeValue":9,"label":100,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":229},"2b3f2ed8-5ff8-4ffb-a7ff-0fb055ca11c4",[],{"id":231,"color":104,"rangeValue":9,"label":105,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":232},"e54c7564-b29f-4440-a379-58ce61545468",[],{"id":234,"slug":235,"label":236,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":237,"displayConditions":9,"answers":238,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"c2ac38b0-0b0b-48df-84d7-1979482515f1","2cb7ad49-bb77-4e66-af01-c3545fdf20b5","Is the appointment of a DPO always mandatory?",[],[239,242],{"id":240,"color":99,"rangeValue":9,"label":100,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":241},"3c3a16be-8293-4aa1-b12e-1f87ed437c27",[],{"id":243,"color":104,"rangeValue":9,"label":105,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":244},"527371aa-2483-4930-94ce-6245e1d4cef5",[],{"id":246,"slug":247,"label":248,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":190,"typeIndex":191,"typeColor":9,"typeIcon":9,"typeText":192,"dynamicSelectType":9,"editableOptions":21,"complianceRules":249,"displayConditions":9,"answers":250,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"71ff9b8c-a91e-4abf-879f-5ac7911c8885","dans-quels-cas-la-designation-dun-dpo-est-elle-obligatoire-","In which case(s) is the appointment of a DPO compulsory? ",[],[251,255,259],{"id":252,"color":9,"rangeValue":9,"label":253,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":254},"cc968612-3fad-4483-9330-b9479db4e8f5","Where processing is carried out by a public authority or public body",[],{"id":256,"color":9,"rangeValue":9,"label":257,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":258},"5b1aef87-534b-4f34-a0df-9eab3a5010bf","Where the core activities of the controller or processor consist of processing operations which require regular and systematic large-scale monitoring of data subjects",[],{"id":260,"color":9,"rangeValue":9,"label":261,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":262},"96978df9-0231-4e8e-8241-fa3ad7d5c6fe","Where the core activities of the controller or processor consist of large-scale processing of special categories of data or of personal data relating to criminal convictions and offences",[],[],{"id":265,"slug":266,"label":267,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":268,"sections":303},"57bbc06e-2ad4-424f-bad2-164eb93f4f93","controller-1","Data controller",[269,291],{"id":270,"slug":271,"label":272,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":273,"displayConditions":9,"answers":274,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"ad40eac9-551c-418a-b041-a24cc9913e89","quest-ce-quun-responsable-de-traitement-_1","What is a controller?",[],[275,279,283,287],{"id":276,"color":9,"rangeValue":9,"label":277,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":278},"5fa5d929-69fa-43a2-aaab-4abbc11fc00d","A natural or legal person determining the purposes and means of the processing",[],{"id":280,"color":9,"rangeValue":9,"label":281,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":282},"3b4389ad-e0a4-4a62-ac50-38b2cab76924","A public authority determining the purposes and means of the processing",[],{"id":284,"color":9,"rangeValue":9,"label":285,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":286},"f6affad0-b53a-49d6-a908-b77b881a02b0","A natural or legal person, public authority, service or other body which, alone or jointly with others, verifies and advises on the correct application of the GDPR",[],{"id":288,"color":9,"rangeValue":9,"label":289,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":290},"21d90509-49bf-4aef-9284-c01a5e2cb1d4","A natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing",[],{"id":292,"slug":293,"label":294,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":295,"displayConditions":9,"answers":296,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"5e900b44-3a98-47df-8032-8ca1f167d3ee","df15d32f-4995-4f1c-a31a-a08828a1ccf5","Can there be several controllers for the same processing operation?",[],[297,300],{"id":298,"color":26,"rangeValue":9,"label":100,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":299},"a18a3596-ca66-4162-9651-3903b07d851f",[],{"id":301,"color":26,"rangeValue":9,"label":105,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":302},"5d2e254d-a6b5-417c-ad93-68d43dd6f407",[],[],{"id":305,"slug":306,"label":307,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":308,"sections":335},"5579f47c-4848-4713-bdfb-cd4eef4d6d3e","subcontractor-1","Subcontractor",[309,323],{"id":310,"slug":311,"label":312,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":313,"displayConditions":9,"answers":314,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"a5ec7b6e-730e-4911-b19c-c032f193ceb8","quest-ce-quun-responsable-de-traitement-","What is a subcontractor?",[],[315,318,321],{"id":276,"color":9,"rangeValue":9,"label":316,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":317},"A natural or legal person, public authority, agency or other body which processes personal data on behalf of the data subject",[],{"id":288,"color":9,"rangeValue":9,"label":319,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":320},"A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller",[],{"id":284,"color":9,"rangeValue":9,"label":285,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":322},[],{"id":324,"slug":325,"label":326,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":327,"displayConditions":9,"answers":328,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"4bbe38b3-11f4-4b08-979e-4ab4b7559598","the-sub-contractor-must-constitute-a-register-of-his-treatments-","The sub-contractor must set up a register of its processing operations ? ",[],[329,332],{"id":330,"color":26,"rangeValue":9,"label":100,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":331},"b2a0a9b4-249d-4e6b-8e64-3c1e01c5ba91",[],{"id":333,"color":26,"rangeValue":9,"label":105,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":334},"04278460-525a-4fea-9a29-8deb91f391de",[],[],{"id":337,"slug":338,"label":339,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":340,"sections":367},"aede3aa5-62fb-4c16-8985-623b17efef5f","destinataires-1-2-3-4-5-6-7-8","Recipients",[341,355],{"id":342,"slug":343,"label":344,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":345,"displayConditions":9,"answers":346,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"d8697470-144f-4601-9184-9ee8efb4b5fa","qu'est-ce-qu'un-destinataire-dans-un-traitement-de-donnees-personnelles-","What is a recipient in a personal data processing operation?",[],[347,351],{"id":348,"color":26,"rangeValue":9,"label":349,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":350},"0b6d9305-d8d4-430d-9069-d7a84d37e1bc","The natural or legal person, public authority, agency or any other body receiving personal data, whether a third party or not",[],{"id":352,"color":26,"rangeValue":9,"label":353,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":354},"043f24dc-245b-4233-9b57-c49aee3a710b","Le responsable du traitement qui reçoit communication de données à caractère personnel",[],{"id":356,"slug":357,"label":358,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":359,"displayConditions":9,"answers":360,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"5fe1da96-c37d-4459-9b1a-f4958ee67525","un-sous-traitant-peut-il-etre-destinataire-de-donnees-personnelles-","Can a subcontractor be a recipient of personal data?",[],[361,364],{"id":362,"color":26,"rangeValue":9,"label":100,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":363},"a10365f1-5bd3-419d-9b29-3a53ab120861",[],{"id":365,"color":26,"rangeValue":9,"label":105,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":366},"70e96b03-60c2-4360-894d-51cd01237a98",[],[],{"id":369,"slug":370,"label":371,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":372,"sections":414},"64ce11b4-0f73-48c9-8c65-9ec4ca16dc76","purpose","The purposes and legal bases of the processing",[373,385,395],{"id":374,"slug":375,"label":376,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":377,"displayConditions":9,"answers":378,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"fd04a7ee-48b4-4b8f-a0d0-4482ce68cc50","un-traitement-de-donnees-personnelles-peut-il-avoir- plusieurs-finalites-_1","Can a personal data processing operation have several purposes?",[],[379,382],{"id":380,"color":99,"rangeValue":9,"label":100,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":381},"8cbbb468-9732-49cd-b48c-3a98ba139b36",[],{"id":383,"color":104,"rangeValue":9,"label":105,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":384},"76333584-3031-49be-b4c1-9ac2ecee36bd",[],{"id":386,"slug":387,"label":388,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":389,"displayConditions":9,"answers":390,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"25b24d0a-d2ed-4dd7-b771-cb147e8847c8","un-traitement-de-donnees-personnelles-peut-il-avoir- plusieurs-finalites-","Is it possible to indicate several legal bases for the purpose of data processing?",[],[391,393],{"id":380,"color":99,"rangeValue":9,"label":100,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":392},[],{"id":383,"color":104,"rangeValue":9,"label":105,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":394},[],{"id":396,"slug":397,"label":398,"tooltipHtml":9,"descriptionHtml":399,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":400,"displayConditions":9,"answers":401,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"5d4b15b0-8316-4595-bec5-4a58c81f5e6c","501a927a-26a6-4f23-9030-648c777ac51f","Is it possible to further process personal data from an initial processing for other purposes?","",[],[402,406,410],{"id":403,"color":26,"rangeValue":9,"label":404,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":405},"9b312b07-07e3-4671-b93d-8529f1675838","Yes in all cases",[],{"id":407,"color":26,"rangeValue":9,"label":408,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":409},"20b66423-f3a6-4163-a02a-5fa0585106fa","Non jamais",[],{"id":411,"color":9,"rangeValue":9,"label":412,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":413},"79a0fa52-4e05-4dce-94f2-f0856aba9438","Yes when there is compatibility of purposes",[],[],{"id":416,"slug":417,"label":418,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":419,"sections":487},"7d9180fc-60e7-45f4-be4b-b254f2cecf14","transfer-hors-ue","Transfers outside the EU",[420,434,448,470],{"id":421,"slug":422,"label":423,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":424,"displayConditions":9,"answers":425,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"245452aa-0004-4f01-8ddb-2d994f890f50","828dde4c-6727-4986-886b-fe7b78cc2fa6","The GDPR lays down the fundamental principle that any transfer of personal data outside the EU/EEA is prohibited",[],[426,430],{"id":427,"color":26,"rangeValue":9,"label":428,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":429},"4e1a30d2-f401-405b-a575-e3181935561d","True",[],{"id":431,"color":26,"rangeValue":9,"label":432,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":433},"739991bf-db48-4169-b38e-f14a278c139b","False",[],{"id":435,"slug":436,"label":437,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":438,"displayConditions":9,"answers":439,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"f47f46b6-5297-4a61-a508-dd19a172f840","un-transfert-hors-union-europeenne-est-il-encadre-","Are there any justifications for controllers and processors to transfer data outside the European Union (EU) and the European Economic Area (EEA)?",[],[440,444],{"id":441,"color":26,"rangeValue":9,"label":442,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":443},"c3f9e898-e138-4afe-b1d9-109b8c45220a","Yes, a sufficient and appropriate level of data protection must be ensured",[],{"id":445,"color":26,"rangeValue":9,"label":446,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":447},"b2dbd70b-2a08-4651-97b2-072899f86310","No the only justification for a data transfer outside the EU or EEA is the consent of the data subject",[],{"id":449,"slug":450,"label":451,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":190,"typeIndex":191,"typeColor":9,"typeIcon":9,"typeText":192,"dynamicSelectType":9,"editableOptions":21,"complianceRules":452,"displayConditions":9,"answers":453,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"f36f85b6-00ec-4ec7-bc1a-0ca82414d4f5","6f16ed27-0220-4204-9014-c7061ae546a3","What legal tools can be used to regulate transfers?",[],[454,458,462,466],{"id":455,"color":9,"rangeValue":9,"label":456,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":457},"bbfe091c-29b2-483d-a487-dd8c0aa4d720","Matching decisions",[],{"id":459,"color":9,"rangeValue":9,"label":460,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":461},"2cffbbf5-fd81-4d1b-b1c2-8547d3cfec46","Appropriate guarantees",[],{"id":463,"color":9,"rangeValue":9,"label":464,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":465},"7080bc44-6dc7-4e9c-99d6-c8a8631f2145","Exemptions",[],{"id":467,"color":9,"rangeValue":9,"label":468,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":469},"3196ee83-70c6-4b43-8b3a-ad92b8bacffd","Exceptions",[],{"id":471,"slug":472,"label":473,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":474,"displayConditions":9,"answers":475,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"6c7cf2fc-7c94-4ef5-99f8-1d417cc38ed0","97186cdf-bd73-4efe-abc3-b31d616ae2f5","Should transfers be listed in the processing register?",[],[476,480,484],{"id":477,"color":26,"rangeValue":9,"label":478,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":479},"1d47981e-ed92-4644-a052-ce51e3099fcf","Yes, the controller and subcontractor must list transfers",[],{"id":481,"color":26,"rangeValue":9,"label":482,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":483},"46cdff93-9292-437a-8994-b8603bef854b","Yes the controller must list transfers",[],{"id":485,"color":9,"rangeValue":9,"label":105,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":486},"09b303a7-91ec-42fd-b528-f610b64c3647",[],[],{"id":489,"slug":490,"label":491,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":492,"sections":567},"1cc3d6cd-3add-41d0-884a-3ed85fd5306a","exercise-rights","Data subject rights requests",[493,511,523,553],{"id":494,"slug":495,"label":496,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":497,"displayConditions":9,"answers":498,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"06294c78-1240-4767-a4e5-4603ce1d2837","qui-est-concerne-par-lexercice-des-droits-","Who is concerned by the exercise of rights? ",[],[499,503,507],{"id":500,"color":26,"rangeValue":9,"label":501,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":502},"e189282c-0a96-451a-9caf-5e09899acb4c","Only private organisations established in Europe",[],{"id":504,"color":26,"rangeValue":9,"label":505,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":506},"fadd1c7c-ee00-4995-b668-6959e91856c5","Private organisations established outside the European Union ",[],{"id":508,"color":9,"rangeValue":9,"label":509,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":510},"792561ae-ae13-4f78-97e1-29e4932d25ac","Public or private organisations established in Europe or established outside the European Union but processing personal data of Europeans",[],{"id":512,"slug":513,"label":514,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":515,"displayConditions":9,"answers":516,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"f8004983-fe0c-42e4-afc6-07c51aecadc0","bdf2027f-07a5-4cf0-a064-d80b2c28a65f","Companies or organisations processing personal data have an obligation to facilitate the exercise of rights ? ",[],[517,520],{"id":518,"color":26,"rangeValue":9,"label":100,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":519},"4a889e4e-1fb4-41ed-a43a-07c737c94b31",[],{"id":521,"color":26,"rangeValue":9,"label":105,"slug":9,"description":9,"score":9,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":522},"9af700cf-9072-4e03-9629-73000ec97129",[],{"id":524,"slug":525,"label":526,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":190,"typeIndex":191,"typeColor":9,"typeIcon":9,"typeText":192,"dynamicSelectType":9,"editableOptions":21,"complianceRules":527,"displayConditions":9,"answers":528,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"3845a310-c039-4bc9-a957-dac71c2c0a1c","quel-est-le-delai-pour-apporter-une-reponse-a-que-demande-dexercice-de-droit-","What is the deadline for responding to a request to exercise a right?",[],[529,533,537,541,545,549],{"id":530,"color":9,"rangeValue":9,"label":531,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":532},"7b253897-3156-41c4-9285-c0e5cddb6663","1 week",[],{"id":534,"color":9,"rangeValue":9,"label":535,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":536},"58e61045-3862-493a-807b-e0a967ac3048","2 weeks",[],{"id":538,"color":9,"rangeValue":9,"label":539,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":540},"2e615164-d6bb-483f-8c8c-39bd9794f694","1 month ",[],{"id":542,"color":9,"rangeValue":9,"label":543,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":544},"7393253e-5641-48b0-bb88-acc01c8e6cb9","2 months ",[],{"id":546,"color":9,"rangeValue":9,"label":547,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":548},"5e928966-15f8-4d69-a140-71ae7e621f4a","4 months",[],{"id":550,"color":9,"rangeValue":9,"label":551,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":552},"9b5536c7-7a04-4b1a-8ccd-8c9db614e9d7","6 months",[],{"id":554,"slug":555,"label":556,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":557,"displayConditions":9,"answers":558,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"79e8e01f-d234-4546-b4cb-4acd9ce00505","le-delai-peut-il-etre-augmente-","Can the time limit for responding to a request to exercise a right be increased? ",[],[559,563],{"id":560,"color":26,"rangeValue":9,"label":561,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":562},"cd4ce219-5e45-4e05-8385-b6b9cbdb11f4","Yes in case of complex request",[],{"id":564,"color":26,"rangeValue":9,"label":565,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":566},"9ff9e6f0-933e-4b74-89d6-cc1765a545b2","No the deadline is deemed sufficient to provide a response to any request",[],[],{"id":569,"slug":570,"label":571,"emoji":9,"type":10,"typeIndex":11,"typeColor":9,"typeIcon":9,"typeText":12,"descriptionHtml":9,"questions":572,"sections":671},"ef66a4bd-32fa-4ab8-8291-ab4b0b06528b","data breaches","Data breaches",[573,591,609,631,649],{"id":574,"slug":575,"label":576,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":190,"typeIndex":191,"typeColor":9,"typeIcon":9,"typeText":192,"dynamicSelectType":9,"editableOptions":21,"complianceRules":577,"displayConditions":9,"answers":578,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"562e704a-fa56-4c18-a85d-15764d2b9397","quest-ce-quune-violation-de-donnees-","What is a data breach? ",[],[579,583,587],{"id":580,"color":9,"rangeValue":9,"label":581,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":582},"46479f77-b438-4d9f-883e-ae439d97f1fd","Any security incident, whether malicious or not and whether intentional or unintentional, which has the effect of compromising the integrity, confidentiality or availability of personal data.",[],{"id":584,"color":9,"rangeValue":9,"label":585,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":586},"1a1383bb-c0f1-45f4-a19c-dfa35cdf4ad7","Any malicious and intentional security incident that compromises the integrity, confidentiality or availability of personal data",[],{"id":588,"color":9,"rangeValue":9,"label":589,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":590},"5ef7b118-16ec-4053-b5df-b1e929d375b5","The accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed",[],{"id":592,"slug":593,"label":594,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":190,"typeIndex":191,"typeColor":9,"typeIcon":9,"typeText":192,"dynamicSelectType":9,"editableOptions":21,"complianceRules":595,"displayConditions":9,"answers":596,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"c6843bd1-cf21-4a86-b5ce-6b7ab4e5af0d","0adb79fe-cf54-4af7-8366-71de1dcce4e3","Who is affected by data breaches? ",[],[597,601,605],{"id":598,"color":9,"rangeValue":9,"label":599,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":600},"863e3104-7bc6-4dd9-bf7c-b463dd1e2b64","All organisations, whether public or private and regardless of their size, are subject to these obligations as soon as they process personal data and become aware of a personal data breach.",[],{"id":602,"color":9,"rangeValue":9,"label":603,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":604},"7a16474a-0190-40c9-a611-97a005321801","Only providers of electronic communication services",[],{"id":606,"color":9,"rangeValue":9,"label":607,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":608},"c5c2b007-538b-4255-9f2f-2a8e2a37cf4a","Processors, who process personal data on behalf of a controller, also have breach obligations",[],{"id":610,"slug":611,"label":612,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":613,"displayConditions":9,"answers":614,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"07b8a1c9-d22a-487b-83ac-8be9cf1f2eb9","1eef0320-90f8-4f53-b549-79a0d575ff46","What is the maximum time limit for the data controller to notify the data protection authorities in the event of a data breach? ",[],[615,619,623,627],{"id":616,"color":26,"rangeValue":9,"label":617,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":618},"f556a3c0-d7fd-441c-af59-a70a1889c38f","48 hours",[],{"id":620,"color":26,"rangeValue":9,"label":621,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":622},"6c194922-1124-48d4-9470-b03157ae6491","96 hours",[],{"id":624,"color":9,"rangeValue":9,"label":625,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":626},"98d9adb4-e7da-4a26-aa41-5322b2c1992f","72 hours",[],{"id":628,"color":9,"rangeValue":9,"label":629,"slug":9,"description":9,"score":9,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":630},"32bdd529-e573-438e-9235-106293c7e016","36 hours",[],{"id":632,"slug":633,"label":634,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":635,"displayConditions":9,"answers":636,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"1a67409b-5d6e-4818-a2ec-4b29a8654f1f","c33ba174-1824-4a0c-86d9-f68797cb8e73","Should data subjects affected by the data breach be informed of the data breach?",[],[637,641,645],{"id":638,"color":26,"rangeValue":9,"label":639,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":640},"1b817f7a-e169-4b22-87cc-c45bf4d95df4","Never",[],{"id":642,"color":26,"rangeValue":9,"label":643,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":644},"abbbeb81-cfcf-47f6-9e98-4654f094ed52","Yes, data subjects are always informed of the data breach",[],{"id":646,"color":9,"rangeValue":9,"label":647,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":648},"c740604b-9971-4508-93bb-e1aeef40913b","Yes, data subjects are informed of the data breach presenting a high risk to their rights and freedoms",[],{"id":650,"slug":651,"label":652,"tooltipHtml":9,"descriptionHtml":9,"badResponseCommentHtml":9,"goodResponseCommentHtml":9,"placeholder":9,"min":9,"max":9,"regex":9,"unit":9,"type":18,"typeIndex":19,"typeColor":9,"typeIcon":9,"typeText":20,"dynamicSelectType":9,"editableOptions":21,"complianceRules":653,"displayConditions":654,"answers":662,"listQuestions":9,"required":21,"requiredJustification":21,"suggestTask":21,"riskEnabled":34,"native":21},"4fa6c8ac-3ff9-436e-aef7-caebd6e720e6","c6b1e945-fb71-4e90-bb9e-0fbe40f217a3","In the event of high risk, is it possible to waive the obligation to inform the persons concerned? ",[],{"id":655,"separator":656,"field":9,"operator":657,"value":9,"rules":658},"bf0f4bc0-7730-4fee-bbcb-5071e5163288","And","equal",[659],{"id":660,"separator":9,"field":632,"operator":657,"value":646,"rules":661},"99135652-4ac8-4178-aa00-b3e3dd216bda",[],[663,667],{"id":664,"color":26,"rangeValue":9,"label":665,"slug":9,"description":9,"score":28,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":666},"175ffcd5-78cf-44e3-8266-97d09619591b","Yes, if the data is protected by appropriate technical and organisational safeguards and is therefore incomprehensible to anyone who is not authorised to access it",[],{"id":668,"color":26,"rangeValue":9,"label":669,"slug":9,"description":9,"score":11,"nonApplicable":21,"tooltip":9,"goodAnswer":21,"redFlag":21,"impact":9,"probability":9,"taskSuggestions":670},"622aace0-13be-4c09-b4ca-b3d165cefa6f","No, in the event of a high risk to rights and freedoms, data subjects must systematically be informed",[],[],[673,690,703,712,722,731,756,766,774,793,812,828,841,855,871,886,901],{"id":674,"label":675,"variant":676,"variantIndex":11,"variantColor":677,"variantIcon":678,"variantText":679,"contentHtml":680,"displayConditions":681},"ec7b6891-3b77-4a47-ba06-b59095ac3d21","What is the purpose of the GDPR?","Info","#1E8EE1","icon-alert-circle","Information","\u003Cp>The GDPR defines a legal context to provide a framework for the processing of personal data throughout the European Union.\u003C/p>\u003Cp>It harmonises the rules in Europe by providing a single legal framework for professionals. It will enable them to develop their digital activities within the EU on the basis of user trust.\u003C/p>\u003Cp>This is the proposed ePrivacy Regulation, which aims to strengthen consumer confidence in the supply of digital (online) services, simplify the rules on cookies and make companies' marketing more transparent.\u003Cbr>This regulation would be intended to complement the GDPR.\u003C/p>",{"id":682,"separator":656,"field":9,"operator":657,"value":9,"rules":683},"715856a3-8fa0-44ae-9c34-80f4d1062518",[684,687],{"id":685,"separator":9,"field":36,"operator":657,"value":42,"rules":686},"4c5b3a0c-cd3d-4122-ba30-9e9da59480ea",[],{"id":688,"separator":9,"field":36,"operator":657,"value":46,"rules":689},"251c467f-8e84-4738-8dcb-78f5699bb502",[],{"id":691,"label":692,"variant":693,"variantIndex":694,"variantColor":695,"variantIcon":678,"variantText":693,"contentHtml":696,"displayConditions":697},"9562432a-252d-42d9-9b85-f460e5581688","Anonymised data","Warning",2,"#ffc107","\u003Cp>Anonymised data makes it impossible, in practice, to identify the person and does so irreversibly.\u003Cbr>Anonymised data therefore no longer meets the definition of personal data.\u003C/p>",{"id":698,"separator":656,"field":9,"operator":657,"value":9,"rules":699},"f902a1ff-f34d-4254-8958-677dd3d993bb",[700],{"id":701,"separator":9,"field":118,"operator":657,"value":9,"rules":702},"b3675c79-d3fb-41bb-82a2-75fc654cb48d",[],{"id":704,"label":692,"variant":676,"variantIndex":11,"variantColor":677,"variantIcon":678,"variantText":679,"contentHtml":696,"displayConditions":705},"150fbb62-3833-4a93-af9a-a3e5050bce55",{"id":706,"separator":707,"field":9,"operator":657,"value":9,"rules":708},"a50da43c-e63c-4e62-8768-a86993fc77c9","Or",[709],{"id":710,"separator":9,"field":130,"operator":657,"value":127,"rules":711},"63c54272-e5c5-49d7-ad5f-e8efea624370",[],{"id":713,"label":714,"variant":676,"variantIndex":11,"variantColor":677,"variantIcon":678,"variantText":679,"contentHtml":715,"displayConditions":716},"4c52c403-517c-446a-9ff9-6d14e27c6bd2","Personal data and identified or identifiable natural persons","\u003Cp>Personal data is: any information relating to an identified or identifiable natural person (art 4. 1 GDPR)\u003C/p>\u003Cp>An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;\u003C/p>",{"id":717,"separator":707,"field":9,"operator":657,"value":9,"rules":718},"788f5157-1536-4297-99ac-a32d1c2f5cdb",[719],{"id":720,"separator":9,"field":78,"operator":657,"value":84,"rules":721},"b42f6d50-0a8b-4dfa-9828-6b5c69b1cbb8",[],{"id":723,"label":714,"variant":693,"variantIndex":694,"variantColor":695,"variantIcon":678,"variantText":693,"contentHtml":724,"displayConditions":725},"a8a53c71-06c1-4152-a75d-465e7025abb3","\u003Cp>Personal data is: any information relating to an identified or identifiable natural person (art 4. 1 GDPR)\u003C/p>\u003Cp>An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.\u003C/p>",{"id":726,"separator":707,"field":9,"operator":657,"value":9,"rules":727},"420e403c-a1fa-479b-8f53-cc162f03174a",[728],{"id":729,"separator":9,"field":78,"operator":657,"value":84,"rules":730},"ee2bb452-9bce-4408-8442-8fe4e27fb2aa",[],{"id":732,"label":733,"variant":693,"variantIndex":694,"variantColor":695,"variantIcon":678,"variantText":693,"contentHtml":734,"displayConditions":735},"ec6edbef-5b4b-4ccb-8ba1-a4eac324eb9f","Encrypted, coded or pseudonymised personal data","\u003Cp>Encrypted, coded, or pseudonymised personal data does not make it impossible to identify the data subject in an irreversible manner.\u003C/p>\u003Cp>For example, pseudonymisation is the processing of personal data in such a way that data relating to a natural person can no longer be attributed without further information. \u003C/p>\u003Cp>In practice, pseudonymisation involves replacing directly identifying data (surname, first name, etc.) in a dataset with indirectly identifying data (alias, sequential number, etc.).\u003C/p>\u003Cp>Pseudonymisation thus makes it possible to process the data of individuals without being able to identify them directly. \u003C/p>\u003Cp>However, in practice, it remains possible to trace the identity of data subjects using third-party data&nbsp;: the data concerned therefore retain a personal character.\u003C/p>",{"id":736,"separator":656,"field":9,"operator":657,"value":9,"rules":737},"6fcbe36f-0173-49ae-9332-b931da538683",[738,741,744,747,750,753],{"id":739,"separator":9,"field":92,"operator":657,"value":98,"rules":740},"0c5e0579-eeed-4c40-916b-a0669349f3c6",[],{"id":742,"separator":9,"field":92,"operator":657,"value":103,"rules":743},"f2092973-04a2-4fd1-bb1b-04793160ef15",[],{"id":745,"separator":9,"field":108,"operator":657,"value":98,"rules":746},"43a1d79e-ca8b-422d-8b71-76c709470d5a",[],{"id":748,"separator":9,"field":108,"operator":657,"value":103,"rules":749},"53675aa9-a042-4e54-bfd4-3526174cc72f",[],{"id":751,"separator":9,"field":130,"operator":657,"value":124,"rules":752},"f17e0b44-fcf1-4edc-8fd6-2b4130e2c6d8",[],{"id":754,"separator":9,"field":130,"operator":657,"value":127,"rules":755},"1dd80f18-2788-47ca-bd40-ce65f07c926e",[],{"id":757,"label":758,"variant":693,"variantIndex":694,"variantColor":695,"variantIcon":678,"variantText":693,"contentHtml":759,"displayConditions":760},"6c521df5-95b1-4eb0-9189-ed884ef73e09","Joint responsibility","\u003Cp>It is possible for two or more data controllers to jointly determine the purposes and means of the processing, they are thus jointly responsible for the processing. \u003C/p>\u003Cp>This possibility of joint responsibility implies that decisions are taken in agreement with all those responsible. \u003C/p>\u003Cp>To avoid any confusion, it is essential to clearly identify the roles and obligations of each.\u003C/p>",{"id":761,"separator":707,"field":9,"operator":657,"value":9,"rules":762},"3d2da16e-ce55-46da-ac30-f43b72b44c7d",[763],{"id":764,"separator":9,"field":292,"operator":657,"value":301,"rules":765},"6783f11d-28a1-45a3-a14d-e1558eac48cb",[],{"id":767,"label":758,"variant":676,"variantIndex":11,"variantColor":677,"variantIcon":678,"variantText":679,"contentHtml":759,"displayConditions":768},"1c095f78-19a8-4fe6-ab8b-eb729f34aa7e",{"id":769,"separator":707,"field":9,"operator":657,"value":9,"rules":770},"06ebc210-ca6e-4195-8452-cab356a746fd",[771],{"id":772,"separator":9,"field":292,"operator":657,"value":301,"rules":773},"15708123-5fb8-4c4a-b762-2d9b320bd54c",[],{"id":775,"label":776,"variant":693,"variantIndex":694,"variantColor":695,"variantIcon":678,"variantText":693,"contentHtml":777,"displayConditions":778},"818b9e0f-1e64-4f75-a4a0-6c5e644d6a64","Shelf life","\u003Cp>Personal data cannot be kept indefinitely.\u003C/p>\u003Cp>The data controller must define a retention period based on the purpose that led to the collection of this data.\u003C/p>\u003Cp>This principle of limited retention of personal data is provided for by the GDPR and the Data Protection Act. \u003C/p>\u003Cp>In some cases, the period &nbsp;of retention is set by the regulations (for example, Article L3243-4 of the Labour Code requires the employer to keep a duplicate of the employee's payslip for 5 years).\u003C/p>\u003Cp>However, for many data processing operations, the retention period is not set by a text. It is then up to the person responsible for the file to determine it according to the purpose of the processing.\u003C/p>",{"id":779,"separator":656,"field":9,"operator":657,"value":9,"rules":780},"04bd5605-723a-4343-bf31-7f8064338331",[781,784,787,790],{"id":782,"separator":9,"field":154,"operator":657,"value":160,"rules":783},"832656bc-ccc7-4ed4-949e-d8ac3befb577",[],{"id":785,"separator":9,"field":154,"operator":657,"value":164,"rules":786},"50c78aa3-20e0-487c-ad5f-49b960f88afc",[],{"id":788,"separator":9,"field":154,"operator":657,"value":168,"rules":789},"8075e5c5-4168-4330-a26e-e32e7d74a2b7",[],{"id":791,"separator":9,"field":154,"operator":657,"value":172,"rules":792},"33b1908a-c5bb-4e3f-9e97-c64c4c4a0e95",[],{"id":794,"label":795,"variant":693,"variantIndex":694,"variantColor":695,"variantIcon":678,"variantText":693,"contentHtml":796,"displayConditions":797},"6c630eb1-6f34-4c42-b2cb-12079f43b4c2","Legal tools for managing transfers outside the EU or EEA","\u003Cp>When a State presents \u003Cu>no adequacy decision and appropriate safeguards\u003C/u>, it is possible to implement a transfer on the basis of \u003Cstrong>Article 49 of the GDPR. \u003C/strong>\u003C/p>\u003Cp>Article 49 of the GDPR lays down conditions for the use of this mechanism: consent ; transfer necessary for the performance of the contract or \u003Cstrong>the conclusion or performance of a contract\u003C/strong> \u003Cstrong>concluded in the interests of the data subject or on important grounds of public interest\u003C/strong> or for \u003Cstrong>the establishment, the exercise or defence of legal claims or the safeguarding of the vital interests of the data subject or other persons or the transfer takes place from a register\u003C/strong> which is lawfully intended to provide information to the public and is open to consultation by the public or any person demonstrating a legitimate interest. \u003Cbr>\u003Cbr>However, Article 49-1 of the GDPR is applicable only in cases where the transfer : \u003C/p>\u003Cul>\u003Cli>\u003Cp>is not \u003Cstrong>repetitive\u003C/strong>,\u003C/p>\u003C/li>\u003Cli>\u003Cp>affects only a \u003Cstrong>limited number of data subjects\u003C/strong>,\u003C/p>\u003C/li>\u003Cli>\u003Cp>is \u003Cstrong>necessary for the purposes of overriding legitimate interests\u003C/strong> pursued by the controller over which the interests or rights and freedoms of the data subject do not take precedence, \u003C/p>\u003C/li>\u003Cli>\u003Cp>and if the controller has assessed all the circumstances surrounding the data transfer and has offered, on the basis of that assessment, \u003Cstrong>appropriate safeguards with respect to the protection of personal data. \u003C/strong>\u003C/p>\u003C/li>\u003C/ul>\u003Cp>The assessment made by the body and the guarantees put in place to frame the transfer, must be recorded in the controller's or processor's register.\u003C/p>",{"id":798,"separator":656,"field":9,"operator":657,"value":9,"rules":799},"4e073fb8-ea37-4b1c-9303-63a474273c12",[800,803,806,809],{"id":801,"separator":9,"field":449,"operator":657,"value":455,"rules":802},"4a987c7b-4844-4123-8797-dfa187cc1b13",[],{"id":804,"separator":9,"field":449,"operator":657,"value":459,"rules":805},"00d21259-968c-4040-a852-4f0805327c72",[],{"id":807,"separator":9,"field":449,"operator":657,"value":463,"rules":808},"dccc3b6e-af68-49ad-87da-7397c7c50854",[],{"id":810,"separator":9,"field":449,"operator":657,"value":467,"rules":811},"6c39925d-9305-403b-bc97-4d55e8475567",[],{"id":813,"label":814,"variant":693,"variantIndex":694,"variantColor":695,"variantIcon":678,"variantText":693,"contentHtml":815,"displayConditions":816},"9328517c-dbb8-4804-bce5-92639a6a7ce9","List transfers in the processing register","\u003Cp>The controller's register must list all the processing operations carried out by your organisation.\u003C/p>\u003Cp>In practice, a register sheet must therefore be drawn up for each of these activities.\u003C/p>\u003Cp>This register must include the name and contact details of your organisation as well as, &nbsp;if applicable, your representative, if your organisation is not established in the European Union, and your data protection officer if you have one. \u003C/p>\u003Cp>In addition, for each processing activity, the record sheet must include at least the following:\u003C/p>\u003Col>\u003Cli>\u003Cp>where applicable, the name and contact details of the joint controller of the processing carried out\u003C/p>\u003C/li>\u003Cli>\u003Cp>the purposes of the processing, the purpose for which you collected the data\u003C/p>\u003C/li>\u003Cli>\u003Cp>the categories of data subjects (customer, prospect, employee, etc. )\u003C/p>\u003C/li>\u003Cli>\u003Cp>the categories of personal data (examples&nbsp;: identity, family, economic or financial situation, bank data, connection data, location data, etc. )\u003C/p>\u003C/li>\u003Cli>\u003Cp>the categories of recipients to whom the personal data has been or will be disclosed, including the processors you use\u003C/p>\u003C/li>\u003Cli>\u003Cp>the transfers of personal data to a third country or to an international organisation and, in certain very specific cases, the guarantees provided for these transfers&nbsp;; \u003C/p>\u003C/li>\u003Cli>\u003Cp>the deadlines laid down for the erasure of the various categories of data, i.e. the retention period, or failing that the criteria for determining it\u003C/p>\u003C/li>\u003Cli>\u003Cp>as far as possible, a general description of the technical and organisational security measures you implement\u003C/p>\u003C/li>\u003C/ol>\u003Cp>\u003Cbr>The processor's register must list all categories of processing activities carried out on behalf of your customers. \u003C/p>\u003Cp>In practice, a register sheet must therefore be drawn up for each of these categories of activity (data hosting, IT maintenance, service for sending commercial prospecting messages, etc.).\u003C/p>\u003Cp>This register must include the name and contact details of your organisation as well as, &nbsp;if applicable, your representative, if your organisation is not established in the European Union, and your data protection delegate if you have one. \u003C/p>\u003Cp>For each category of activity carried out on behalf of customers, it must contain&nbsp;the following minimum elements: \u003C/p>\u003Col>\u003Cli>\u003Cp>the name and contact details of each customer, data controller, on whose behalf you process data and, where applicable, the name and contact details of their representative\u003C/p>\u003C/li>\u003Cli>\u003Cp>the name and contact details of any processors you yourself use in the course of this activity\u003C/p>\u003C/li>\u003Cli>\u003Cp>the categories of processing carried out on behalf of each of your customers, i.e. the operations actually carried out on their behalf (for example&nbsp;: for the category service for sending prospecting messages&nbsp;, this may involve collecting email addresses, sending messages securely, managing unsubscriptions, etc. )&nbsp;\u003C/p>\u003C/li>\u003Cli>\u003Cp>transfers of personal data to a third country or to an international organisation. In the very specific cases mentioned in the 2nd paragraph of Article 49.1 (absence of an adequacy decision under Article 45 of the GDPR, absence of the appropriate safeguards provided for in Article 46 of the GDPR and inapplicability of the exceptions provided for in the 1st paragraph of Article 49. 1), the safeguards provided to frame the transfers must be mentioned.\u003C/p>\u003C/li>\u003Cli>\u003Cp>As far as possible, a general description of the technical and organisational security measures you implement.\u003C/p>\u003C/li>\u003C/ol>",{"id":817,"separator":656,"field":9,"operator":657,"value":9,"rules":818},"a0413f05-ae2e-4c2a-8a36-b98c10e504b7",[819,822,825],{"id":820,"separator":9,"field":471,"operator":657,"value":477,"rules":821},"73c5d5c0-2037-4c63-b89a-33701f752abc",[],{"id":823,"separator":9,"field":471,"operator":657,"value":481,"rules":824},"af504d9d-4f9b-410a-806c-9fe718f398a1",[],{"id":826,"separator":9,"field":471,"operator":657,"value":485,"rules":827},"82a0b00c-9a78-402e-a0d1-5f5be1fbf96a",[],{"id":829,"label":830,"variant":676,"variantIndex":11,"variantColor":677,"variantIcon":678,"variantText":679,"contentHtml":831,"displayConditions":832},"bba5fdad-25d8-4783-920b-76d08777c89e","Complex requests","\u003Cp>\u003Cstrong>The person responsible for the file may extend the initial deadline by two months (three months in total)&nbsp;:\u003C/strong>\u003C/p>\u003Cul>\u003Cli>\u003Cp>If your request is complex. For example, as part of a request for right of access, it must provide you with a very large number of documents that require them to be removed from the archives.\u003C/p>\u003C/li>\u003Cli>\u003Cp>On condition that you are informed of this within one month.&nbsp;\u003C/p>\u003C/li>\u003C/ul>\u003Cp>\u003Cstrong>Note:\u003C/strong>in all cases, you must have a response within one month.\u003C/p>\u003Cp>\u003Cem>\u003C/em>\u003C/p>",{"id":833,"separator":656,"field":9,"operator":657,"value":9,"rules":834},"78e00e59-653b-4bcc-b122-62f4f32c99fb",[835,838],{"id":836,"separator":9,"field":554,"operator":657,"value":560,"rules":837},"d4dc2074-d6c7-4471-8cef-4650b762f877",[],{"id":839,"separator":9,"field":554,"operator":657,"value":564,"rules":840},"e3aed2ce-e951-48d7-a7a3-8433036a547e",[],{"id":842,"label":843,"variant":844,"variantIndex":28,"variantColor":99,"variantIcon":845,"variantText":844,"contentHtml":846,"displayConditions":847},"f476a861-e403-45d9-bb69-831ba12431a4","Bravo !","Success","icon-checkmark","\u003Cp>You've got the right answers to all the questions! \u003C/p>\u003Cp>You have a very good knowledge of the fundamentals of the GDPR. \u003C/p>",{"id":848,"separator":656,"field":9,"operator":657,"value":9,"rules":849},"2fe0fa3e-633f-45ba-98e0-567c2d073a47",[850],{"id":851,"separator":9,"field":852,"operator":657,"value":853,"rules":854},"31f9ccbb-00ba-42a4-ac8b-e5a0e9d2df1d","readiness","100",[],{"id":856,"label":857,"variant":844,"variantIndex":28,"variantColor":99,"variantIcon":845,"variantText":844,"contentHtml":858,"displayConditions":859},"d5c15f16-3fef-4ccf-b4ae-0737417cbd8b","Well done!","\u003Cp>You have a good knowledge of the GDPR but you can still achieve perfection!\u003C/p>\u003Cp>More effort, we're almost there! \u003C/p>",{"id":860,"separator":656,"field":9,"operator":657,"value":9,"rules":861},"47a9e8da-b383-4188-924c-fde244f66931",[862,867],{"id":863,"separator":9,"field":852,"operator":864,"value":865,"rules":866},"1475178d-ca27-405c-9092-32823df78e1d","greaterThan","74",[],{"id":868,"separator":9,"field":852,"operator":869,"value":853,"rules":870},"d29427ea-94fa-4a66-9e27-1b4d6c239fba","lessThan",[],{"id":872,"label":873,"variant":844,"variantIndex":28,"variantColor":99,"variantIcon":845,"variantText":844,"contentHtml":874,"displayConditions":875},"ec315d35-3682-4716-8510-78212066e4c2","You're not far off!","\u003Cp>You have an acceptable knowledge of GDPR concepts.\u003C/p>\u003Cp>More effort! We're not far off.\u003C/p>",{"id":876,"separator":656,"field":9,"operator":657,"value":9,"rules":877},"8cbd9086-e0c5-48ee-a9e3-37fd7805547f",[878,882],{"id":879,"separator":9,"field":852,"operator":864,"value":880,"rules":881},"d42b21bd-c564-41c0-aa36-ab19dd3fc200","49",[],{"id":883,"separator":9,"field":852,"operator":869,"value":884,"rules":885},"b2cd08d5-32fd-4a0e-9615-eff46e457eee","75",[],{"id":887,"label":888,"variant":693,"variantIndex":694,"variantColor":695,"variantIcon":678,"variantText":693,"contentHtml":889,"displayConditions":890},"934b10ae-f889-4a2e-8a6d-19d3ea51e74a","To be improved","\u003Cp>It wasn't easy either. But you can pass the 50% mark if you get your act together!\u003C/p>",{"id":891,"separator":656,"field":9,"operator":657,"value":9,"rules":892},"b02447b2-3a1c-4c05-b414-cb2bee254d4b",[893,897],{"id":894,"separator":9,"field":852,"operator":869,"value":895,"rules":896},"79233bb8-b5fa-4586-b5ee-00f12bb35c26","50",[],{"id":898,"separator":9,"field":852,"operator":864,"value":899,"rules":900},"67f57e30-a844-41e5-ab12-e0c62d13bd21","24",[],{"id":902,"label":903,"variant":904,"variantIndex":905,"variantColor":906,"variantIcon":907,"variantText":904,"contentHtml":908,"displayConditions":909},"b0439e5f-0170-4952-b7e5-3d215ccf73b8","On n'y est pas...","Danger",3,"#DC3545","icon-alert-triangle","\u003Cp>We certainly need to go back to the basics. Don't despair, you'll get it right next time!\u003C/p>",{"id":910,"separator":656,"field":9,"operator":657,"value":9,"rules":911},"33cd59c4-161f-4681-b169-ad69d284e465",[912],{"id":913,"separator":9,"field":852,"operator":869,"value":914,"rules":915},"e96205f0-7a1e-4441-bce9-b64b50b09764","25",[],"cbf2e7f8-4892-49b5-4d80-08dbb2962706","1.0","E-Learning - GDPR Awareness - Level 1","mHRb0QUy31w68FYkylbu7IuZHzmP3YWt9IyDzJ0yxFUKQLtg7HH436b3EbpQ","https://static.dastra.eu/tenant-3/audit/HYs6av8IPGHiSy/icon-audit500x-150-150.png","Test your knowledge of the General Data Protection Regulation (GDPR). \nThrough this questionnaire, you can quickly assess your level of knowledge and participate in the obligation to train key people on the subject of personal data protection. \n","2023-09-11T07:37:18.0833268","2024-08-29T12:41:14.0635891","Formation",6,"Training",{"id":928,"displayName":929,"familyName":930,"givenName":931,"email":932,"active":34,"color":933,"avatarUrl":934,"tenantId":11},38,"Paul-Emmanuel Bidault","Bidault","Paul-Emmanuel","paulemmanuel.bidault@dastra.eu","#FA4115","https://static.dastra.eu/tenant-27/avatar/38/paul-emmanuel-bidault-150.jpg",[936],{"id":937,"displayName":938,"familyName":930,"givenName":939,"email":940,"active":34,"color":941,"avatarUrl":9,"tenantId":11},39,"Antoine Bidault","Antoine","antoine.bidault@dastra.eu","#197BBD",[943],{"id":944,"label":945,"type":946,"typeIndex":947,"typeColor":948,"typeIcon":949,"typeText":950,"color":951},"5d13e13b-84c0-44a1-8e42-3e9f684542d7","E-learning","AuditTemplate",9,"#83d162","ds-icon-audit","Questionnaire template","#4E6374",37]