Can I do a PIA on multiple treatments?

A data protection impact assessment may relate to one processing operation or a set of similar processing operations. A single DPIA may be used to assess several processing operations that are similar in nature, scope, context, purposes and risks.

For example:

• local authorities each implementing a similar video-surveillance system could conduct a single analysis of that system even though it is subsequently implemented by separate controllers;

• a railway operator (single controller) could conduct a single impact assessment on the video surveillance system deployed in several stations.

In Dastra, the default PIA model is attached to a single processing operation. It is possible to change the template so that the PIA is not attached to a process. In this case, you can make the PIA, export it and place it in the documentation of the concerned processes.

Can an email template be set up automatically when an audit is created?

You can create an email template that can be used in audit invitations. It is not possible to perform automated actions via workflows for example. Audits cannot be used as triggers.

As an external respondent, can I put images in the answers?

No, this is not possible. This option is available if you are an internal respondent (Dastra user).