• Introduction to HOPEX Privacy Management
  • Pre-Requisites to HOPEX Privacy Management
  • Connecting to HOPEX Privacy Management
  • Profiles used in HOPEX Privacy Management
    • Summary of Profiles
    • Rights for HOPEX Privacy Management Profiles
  • Useful Features
    • Object status
    • Collaboration features
    • The search features
• Reusing Enterprise Architecture Data
  • Converting HOPEX EA Org-Units to Organizations
    • Converting Org-Units to Organizations
    • Synchronizing EA-Privacy Organization
  • Creating Processing Activities from EA Objects
    • Creating Processing Activities from Processes
    • Creating Processing Activities from Applications
• Setting Up the Privacy Environment
  • Accessing the Privacy Environment
  • Defining Data Categories
  • Data Subject Categories
  • Defining Sensitive Activities
  • Defining Transfer Safeguards
  • Defining Supervisory Authorities
  • Defining Country Adequacy
    • About Country adequacy
    • Accessing country-adequacy information
    • Country-adequacy information use
  • Defining Security Measures
  • Defining Technologies
    • Computing devices
    • Removable devices
  • Defining Physical Archives
• Defining the Organization
  • Creating Legal Entities and Departments
    • Introduction to Entities and Departments
    • Creating a Legal Entity
    • Creating Departments
    • Populating Legal Entities and Departments
  • Defining Legal Entity Properties
    • General properties of entities
    • Managing establishments
    • Managing national representatives
    • Managing contractual agreements
    • Managing users
  • Managing Departments
    • Defining department main characteristics
    • Defining Department roles
    • Connecting Users to a department
  • Defining Establishments
    • Creating an establishment
    • Specifying the HQ establishment for an entity
    • Specifying the country of a legal entity
  • Defining an Organizational Model
  • Managing Third Parties
  • Viewing the DPO Organizational Chart
  • Managing Policy Documents
    • Creating policy documents
    • Attaching policy document information
    • Assessing policy documents
• Managing Regulations
  • Managing Regulation Frameworks
    • Accessing Regulation Frameworks
    • Specifying the Scope of a Regulation Framework
    • Defining Regulation Characteristics
    • Specifying Requirements on a regulation framework
  • Managing Requirements
    • Accessing Requirements
    • Adding Requirements
    • Specifying the Scope of a Requirement
    • Defining Requirement Characteristics
• Describing Processing Activities
  • Presentation of Processing Activities
  • Creating Processing Activities
    • Creating Processing Activities in HOPEX Privacy Management
    • Creating Processing Activities through Duplication
  • Accessing the Records of Processing
    • Accessing Processing Activities
    • Refining the Scope of the Records of Processing
  • Describing Processing Activities
    • Processing Activity Dashboard
    • Processing Activities Overview
      • Additional information to specify
      • Information in read-only mode
      • Participants involved in the processing activity
      • Computed information
    • Processing Activities Legal Basis
  • Processing Activity Details
    • Processing Activities Levels of Detail
    • Processed Personal Data
      • Qualifying Minimization
      • Viewing the computed risk
      • Specifying the retention period on a processing activity
    • Data Subject Right and Notice Management
      • Specifying data subject rights for a processing activity
      • Viewing data subject rights for all your processing activities
      • Giving a compliance score for data subject rights
    • Data Transfers
      • Specifying data transfers on a processing activity
      • Giving a compliance score for transfers
    • Security Measures
      • Specifying security measures on a processing activity
      • Giving a compliance score for security measures
    • Technologies and Physical Archives
    • Contractual Agreements and Other Attachments
  • Managing Processing Activity Elements
    • Creating a processing element
    • Specifying an application processing element
    • Displaying the application properties and web site
  • Viewing Impact of Regulations on Processing Activities
  • Using the Processing Activity Workflow
    • Requesting processing activity description
    • Submitting processing activity description
    • Submitting pre-assessments and DPIAs
  • Processing-Related Reports
    • Accessing Processing-Related Reports
    • Records of Processing
      • About the record of processing
      • Creating a record of processing
    • Cross-border Transfer Map
      • Pre-requisites to using cross-border transfer map
      • Content of the transfer map
      • Additional information about transfers
    • CNIL-Specific Report
      • Activating the CNIL Report
      • Prerequisites for the CNIL report
      • Generating the CNIL report
  • Managing Processing Activity Visibility
• Assessing Processing Activities
  • Prerequisites to Processing Activity Assessment
    • Specifying Compliance Levels
      • Legal Basis Compliance Level
      • Minimization Compliance Level
      • Data transfers and security measures
    • Viewing the Initial Compliance Level of a Processing Activity
  • Performing a Pre-assessment
    • Consulting Decision-Making Reports
      • Accessing your dashboard
      • Processing activities by compliance level
      • Processing activities by assessment status (DPIA)
      • Processing activities by risk scale
    • Performing the Pre-Assessment
    • Consulting the History of Pre-assessments
  • Performing Impact Assessment (DPIA)
    • About DPIAs
      • When to conduct a DPIA?
      • What is a DPIA?
    • Creating a DPIA
      • Starting a new DPIA
      • Reusing a DPIA
      • Editing a DPIA
    • Creating and Assessing Risks for a DPIA
    • Recommendations and Remediation Actions on DPIAs
      • Creating recommendations
      • Creation remediation actions
    • Validating the DPIA
      • Final risk level
      • Final compliance level
      • Subsequent Action
    • Consulting DPIA Reports and Results
      • Viewing the dashboard of the processing activity
      • Record of DPIAs
      • Generating a DPIA document
• Managing Data Breaches
  • Declaring a Data Breach
  • Specifying Data Breach Scope
  • Assessing a Data Breach
  • Planning Remediation actions
  • Notifying a Data Breach
  • Viewing Elapsed Time since Breach Discovery
  • Duplicating Data Breaches
• Managing Data Subject Requests
  • Creating a data subject request
  • Specifying Information on a Data Subject Request
  • Describing the scope of a data subject request
  • Attaching documents to the data subject request
  • Managing data subject management deadlines
• Managing Action Plans
  • Accessing Action Plans
    • Accessing all Action Plans
    • Accessing Action Plans specific to a Processing Activity
  • Defining Action Plans
    • General Characteristics
    • Financial Assertions
    • Success Factor and Outcomes
    • Scope
    • Milestones
    • Attachments
  • Managing Actions
  • Ensuring Action Plan Follow-up
    • Specifying Action Plan Progress Rate
    • Using Steering Calendars
  • Monitoring Action Plan Progress
  • Appendix: Action Plan Workflows
    • Bottom-Up Action Plan Workflow
    • Top-down Action Plan Workflow
    • Action Workflow
• Demonstrating Compliance
  • Processing Activity Status
  • Legal Basis
  • Sensitive Activities
  • Record of DPIAs
  • Data Risk Report
  • Data Transfers
  • Data Subject Rights Report
  • Third-Parties Report
    • Pre-requisites
    • Launching the Third-party report
    • Third-party report content
  • Record of Processing
  • Cross-border transfer map
  • IT Applications
  • Notice
  • Data Breaches
• FAQs
  • About Data Privacy
    • What is personal data?
    • Example of supported law
  • About Processing Activities
  • About Assessments
  • About Transfers
  • About HOPEX Privacy Management Import and HOPEX Integration
  • Miscellaneous
  • Privacy Glossary
• Appendix: GDPR in Details
  • Territorial Scope
    • Establishment Principle in the Directive
      • Establishment in Different States
      • Company Chain
      • Reference
    • Establishment Principle in the Regulation
      • Establishment Notion
      • Effectiveness
      • Stability
      • References
    • Foreign Company Subject to Regulation
      • Offering of Goods or Services to EU residents
      • Monitoring Behavior of EU residents
    • Controller Representative or Foreign Processor
    • Applicability Member State Law due to International Law
      • Reference
  • Personal Data Processing
    • Legal Entity Data
    • Common Data
    • Special Categories of Data
      • Sensitive Data
      • Legitimate Conditions for Sensitive Data
      • Biometric Data
      • Genetic Data
      • Health Data
      • Sanction for Sensitive Data Breaches
    • Common Data
    • Sensitive Categories of Data
      • Sensitive Data
      • Legitimate Conditions for Sensitive Data
      • Biometric Data
      • Genetic Data
      • Health Data
      • Sanction for Sensitive Data Breaches
  • GDPR Legal Roles
    • The Undertaking
    • The Enterprise as an Interested Subject
    • SMEs as data controllers
    • Derogations and Facilities for SMEs
  • Notice and Consent
    • Transparency
    • Notice:Contents
    • Notice:New Rules
      • Sanctions for omitted notice
    • Notice:Exceptions
    • Personal data collected from data subject
    • Personal data not obtained from the data subject
    • Notice:When to be Issued
    • Consent
      • Sanctions for consent violations
    • Consent Lawfulness Conditions
  • Rights of Data Subjects
    • Access Right
    • Right to Rectification
    • Right to Erasure
    • Right to be Forgotten
    • Right to be Forgotten: History
    • Right to Restriction of Processing
    • Portability Right
    • Free Exercise of Rights
    • Right to Object
  • GDPR Documentation System
    • Records of Processing
    • Supporting Documentation
    • Abolition Obligation Notification
    • Sanction for Violation of Documentation
  • Prior Consultation to Supervisory Authority
    • Sanction for Omitted Prior Consultation
  • Data Protection Assessment
    • DPIA
    • Sanction for Omitted DPIA
    • Supervisory Authority Consultation
  • Technical and Organizational Measures
    • Security Measures
    • Security in General
    • Security Assessment
  • Data Breach
    • Security Measures against Data Breaches
      • The declination of organizational and technical measures in the information security system
      • Prevention and reaction to data breaches
      • The criterion of adequacy of the measures
      • Data breach incidents
      • GDPR
    • Personal Data Breach
    • Sanction for Sensitive Data Breach
  • Data Transfer Abroad
    • 1.1. Countries that offer personal data protection system, considered appropriate by the EU Commission
    • 1.2. Countries not on the list of those with "adequate protection"
    • 1.3. The various contractual models approved by the EU Comission
  • Sanctions and Damages
    • New Sanctions
    • Sanction for Sensitive Data Breaches
    • Sanction for Omitted Prior Consultation
    • Sanction for Omitted DPIA
    • Sanction for Consent Violations
    • Sanction for Rights Violations
  • GDPR-related Definitions