The new assessment experience offers the following benefits.

• Capture all the required information during the assessment eliminating the need for manually adding details to the processing activity.
• Capture the hierarchy or flow of data and specify where the data is coming from and where is the data going.
• Collect the lawful basis of collecting and processing data.
• Create multiple sections for logical grouping of questions
• Migrate assessments from older systems.
• Provide inline guidance for questions.
• Reassign the assessment to the correct responder.
• Create highly configurable templates.

To perform the screening and the impact assessments, you require assessment templates. While the assessment templates are based on the Smart Assessment Engine, there are some additional configurations provided for the users of Privacy Management. Starting with the Zurich release, two assessment templates, Privacy Screening Assessment [V4] and Privacy Impact Assessment [V4] are provided to perform smart assessments. Privacy Screening Assessment [V3] and Privacy Impact Assessment [V3] templates are also available. Some important differences between these templates and the additional configurations are explained as follows.

Privacy screening assessment

Starting with the Zurich release, a new template for Privacy screening assessment (Privacy Screening Assessment [V4]) is available.

For a screening assessment template, there are three sections:

• General: In this section, you specify the assessment template category as Privacy category and also specify the assessment targets. For a screening assessment, the assessment targets are entities and privacy tasks.
• Questions: This section contains questions for the assessment responders. This section also contains data elements which are single units of information that represent a specific attribute or characteristic about a data subject or entity. Examples of data elements are name, email address, date of birth, and so on. In this section, you’ll also find a section titled Criticality factors and these questions are used to calculate the criticality score.
• Automations: In this section, you can define the rules that allow the automatic creation of processing activities based on the responses to questions. This section uses Workflow Studio. These automations are mapped to their relevant questions. Automation streamlines various processes, including the application of risk statements and control objectives based on user responses. When users select specific responses during an assessment, the system automatically applies the appropriate risks and controls to the relevant records. For example, consider an organizational policy stating that personal data can only be transferred outside the EU with explicit consent. During an assessment, if a user indicates that data is being transferred outside the EU, the system will automatically apply the Data Transfer risk to the processing activity: Assign Explicit Consent as a control to mitigate the identified risk. This automation ensures consistency, saves time, and reduces the likelihood of human error in managing risks and controls.

For detailed information on how to configure a screening assessment template, see Configure smart assessment templates for screening assessments.

Privacy impact assessment

Starting with the Australia release, a new template for Privacy impact assessment (Privacy Impact Assessment [V4]) is available.

For a privacy impact assessment template, like the screening assessment template, you have the Overview and Details sections, and while by default, the Automations section is present, it does not contain any predefined automations. You can add automations if you require them. For an impact assessment template, apart from the questionnaire, you can add the personal data elements. For detailed information on how to configure an impact assessment template, see Configure smart assessment templates for impact assessments.

When privacy analysts receive an assessment, they review the assessment. During the review, they can either request for a revision of the assessment or directly approve it. During the Review state, the privacy managers can view the following items:

• Information objects: The information objects tab displays the information objects identified as part of the screening assessment.
• Hierarchy: The hierarchy of where data comes from and where it goes.
• Outcomes: The outcomes tab displays the risk statement and the control objectives associated with the assessment.