The Article 30 Assessment (ROPA) – Intermediate Template is similar to the basic version; however, it is divided into five distinct sections, compared to the two found in the Basic version.

Following on from customer feedback, the internal and external transfer of personal data was identified as a specific risk to organisations. As a result, separate internal and external transfer event sections have been introduced to provide greater granularity. This allows customers to clearly see which items of personal data are being transferred between business areas or to third parties.

The Intermediate Assessment also includes additional security measure questions, such as collection & transfer safeguards, which are not present in the Basic Assessment.

Furthermore, the Intermediate Assessment allows customers to customise each event further if they require more granular reporting. For example, if you need to differentiate between the personal data items that were collected (rather than processed), the assessment allows for that level of detail if required in the related section.

• Please note that if more granularity is required in your assessment, changes to register question links & relationships will need to be updated within the Privacy Assessment Creator.
• Existing customers (pre-September 2020) wishing to use this assessment will be required to update their Privacy registers to the latest version. Please contact your Customer Success Manager or Onboarding Manager to discuss this upgrade.

Assessment Workflow Diagram