TODO.LAW™ DPO CENTRAL
DocsSign In

Assessments

Conduct privacy impact assessments using configurable templates. Score risks, document mitigations, and manage approval workflows for DPIAs, PIAs, LIAs, TIAs, and vendor risk assessments.

Assessment Templates

Choose from built-in templates or create custom assessments. Each template includes pre-configured questions, risk criteria, and approval workflows.

LIA

Legitimate Interests Assessment

Evaluate whether legitimate interests can be relied upon as a legal basis

CUSTOM

Custom Assessment

Create your own assessment template with custom questions and criteria

DPIAPremium

Data Protection Impact Assessment

Required under GDPR Article 35 for high-risk processing activities

PIAPremium

Privacy Impact Assessment

Broader privacy analysis for new projects and systems

TIAPremium

Transfer Impact Assessment

Evaluate safeguards for international data transfers (Schrems II)

VENDORPremium

Vendor Risk Assessment

Assess privacy risks of third-party vendors and processors

Approval Workflow

Assessments move through a structured approval workflow. Each stage has clear ownership and the system tracks who approved what and when.

1

Draft

Author creates assessment

2

In Progress

Completing questions

3

Pending Review

Submitted for approval

4

Approved

Assessment signed off

Risk Scoring

Each assessment calculates an overall risk level based on the likelihood and impact of identified risks. The system supports four risk levels.

LOW

MEDIUM

HIGH

CRITICAL

Risk scores are calculated from individual question responses and can be overridden by the assessor with justification. The overall risk level drives review requirements and mitigation priorities.

Risk Mitigations

Document mitigation measures for each identified risk. Track implementation status and assign ownership for follow-up actions.

Example Mitigations

Implement data encryption at rest and in transitImplemented
Add access controls and audit loggingImplemented
Conduct annual vendor security reviewPlanned
Deploy data loss prevention (DLP) toolsIn Progress

Creating an Assessment

1

Select Template

DPO

Choose an assessment template (LIA, DPIA, PIA, TIA, Vendor, or Custom) from the Assessments module.

2

Set Scope and Context

DPO

Define the assessment scope, processing activity being evaluated, and relevant data assets.

  • Link to specific processing activities from your data inventory
  • Identify the data elements and data subjects involved
3

Complete Questions

DPO

Answer each question in the template. The system calculates risk scores as you progress.

4

Document Mitigations

DPO

For each identified risk, document mitigation measures, assign owners, and set deadlines.

5

Submit for Review

DPO

Submit the completed assessment for approval. Reviewers can approve, reject, or request changes.

6

Final Approval

Approver

Once approved, the assessment is locked and stored as a compliance record.