The Article 30 Assessment (ROPA) – Intermediate Template is similar to the Basic version; however, it is split into 5 separate sections, rather than the 2 seen in the Basic version.
Following on from customer feedback, the transfer of personal data internally and externally was of a specific risk to organisations; therefore, separate internal and external transfer event sections have been opened up to be more granular, allowing our customers to see what items of personal data are being transferred between business areas or to third parties. The Intermediate Assessment also includes security measure questions, such as collection & transfer safeguards, which are not used in the Basic Assessment.
The Intermediate Assessment also allows customers to customise each event further if they require more granular reporting. For example, if you have been required to differentiate between the personal data items that were collected rather than processed, the assessment can allow for that granularity if required in the related section.
Please note that if more granularity is required in your assessment, changes to register question links & relationships will need to be updated within the Privacy Assessment Creator.
Existing customers (pre-September 2020) wishing to use this assessment will be required to update their Privacy registers to the latest version. Please contact your Customer Success Manager or On-boarding Manager to discuss this upgrade.
Assessment Workflow Diagram