TerraTrue takes the repetition and guesswork out of privacy assessments. As you complete the privacy worksheet, we will automatically suggest which types of assessments should be completed directly in TerraTrue. TerraTrue also allows you to add assessments directly to a launch if you so choose.
Note: TIAs (Transfer Impact Assessments) are not available for use within the privacy worksheet.
Working with assessments directly on a launch
Assessments can be completed directly on a launch by members of the privacy team. The Add Workflows button of the Review Section of the launch summary can be used to add DPIA, LIA, PIA, and TIA assessments.
When adding a DPIA, LIA, or PIA, the applicable data use and data types should be provided. Familiar import, export, and reset actions are available for assessments added directly to a launch.
Note: Unlike their privacy worksheet counterparts, assessments added to a launch may not be skipped, as they are not triggered by TerraTrue. They can be deleted directly if no longer required.
Working with assessments in the privacy worksheet
Assessments may be triggered or added manually to the privacy worksheet on the Assessment page.
How does TerraTrue determine if a privacy assessment is necessary?
TerraTrue uses the following signals to determine whether an assessment is necessary:
- We automatically trigger LIAs whenever you're relying on legitimate interest as your basis for processing. The privacy worksheet helps you document bases for processing and even recommends when a particular basis may or may not be appropriate for different processing activities.
- We automatically trigger DPIAs whenever a launch uses a special category of data or when a combination of factors in the launch would require a DPIA under the Article 29 Working Party's Guidelines on Data Protection Impact Assessments.
- We recommend optional PIAs whenever you use data in a way that carries extra privacy risk but doesn't strictly require a DPIA. You can configure the risk level for different data types and data uses in your org settings.
- If you would like to complete an optional privacy assessment within a privacy worksheet, you can start one by picking one of the published assessments, a data use and any number of data types under the "Additional Assessments" header and then clicking "Add Assessment." The optional assessment will work like any other — just click "Start Assessment" to begin.
Where do I complete assessments?
As you go through the privacy worksheet, you’ll reach an ‘Assessments’ tab:
Here, you’ll see any DPIAs or LIAs TerraTrue suggests you complete. On each assessment recommendation, you’ll see:
- The reason it was triggered
- The option to ‘Skip’ or ‘Start’ the assessment
- A three-dot menu button, which allows you to edit any assessments you’ve started or Import Responses from a previous assessment
TerraTrue will prompt you to complete assessments based on the responses recorded in the Data Spec and privacy worksheet. However, you can choose to skip these assessments if they are unnecessary. Simply click ‘Skip’, record a skip reason as illustrated below, and click ‘Submit Reason’. You can also upload an attachment or include a link for reference.
Viewing and Exporting Assessments
TerraTrue will automatically generate PDFs of your assessments depending on where the assessment was collected. For assessments triggered or added in the privacy worksheet, generation occurs when that privacy worksheet is complete and a privacy review has been completed for the launch. For assessments added directly to a launch, we only require the privacy review to have been completed. You can view these from the launch summary page or in the Assessment Library.