Prerequisites to Processing Activity Assessment
To be able to perform an assessment (whether a pre-assessment or a DPIA), you should make sure that:
- processing activity owners have properly described the processing activities.
  For more information, see Describing Processing Activities.
- you have specified compliance levels on the basis of the information given by processing activity owners.
Specifying Compliance Levels
The Privacy team/DPO has to specify a compliance level for each section of a processing activity.
These scores must be given after the processing activity owner has described the processing activity. They give you an indication of where to start when it comes to further assessing your processing activities (through preliminary assessment and DPIAs).
Viewing the Initial Compliance Level of a Processing Activity
It is useful for the DPO or the Privacy team to get an overview of the processing activity compliance levels. This overview makes it easier to prioritize subsequent actions (deciding whether you need to perform a pre-assessment or a DPIA).
To identify the compliance level of a processing activity:
- In the processing activity properties, select the Pre-assessment page.
Here you can find a summary of the scores previously assigned in the different sections found in the Legal Basis and Details pages:
- Legal Basis (score from the Legal Basis page)
- Data Minimization (score from the Details page)
- Data Subject's Rights & Notice Management (score from the Details page)
- Data Transfers (score from the Details page)
- Security Measures (score from the Details page)