Multi-entity management
      Back to home
      1. Help desk
      2. Data Legal Drive GDPR
      3. Multi-entity management

      Understanding the analytics dashboards

      The Analytics module offers two sets of charts: the risk exposure dashboard and the activity monitoring dashboard.

      Clients with multiple entities can determine the dashboard scope by selecting one or more entities.

      The charts can be viewed on-screen or downloaded as data files.

       

      Table of contents

      Using the Analytics module

      To use the Analytics module:

      1. In the sidebar, select Management Analytics.

      2. In the back office sidebar, click Analytics and select one of the following:

      • Risk exposure

      • Activity monitoring

      3. Click the Select entities field and select the entity or entities to be included in the dashboard.

      4. If you selected Activity monitoring, click the Select dates field and either select a preset period or select a start date and end date to determine the period you wish to monitor.

      To easily retrieve the entities and dates selected, bookmark the page using your web browser just as you would any standard web page. You can then return to the bookmark later.

       

      5. You can now view the results on screen or download them:

      • View the results on-screen: click the Show report button. If you hover the mouse over a chart, several icons and types of information appear: you can hover the “information” icon for a brief explanation (available on most charts), hover a section of the chart or text next to it for detailed data on one aspect, or click the download icon to download the data of that chart in a csv, xlsx or json file.

      If you selected several entities, the results are consolidated.

       

      • Download the results in a PDF file: click the Download button. If several entities are selected, you can choose between a separate report for each entity selected, or a single consolidated report. For files that require significant time to generate, you will receive an email with a secure link to the PDF.

      Risk exposure dashboard

      The following table provides a detailed explanation of the data shown in each chart.

       

      To view the data:

      1. Select the entities.

      2. Click Show report.

      • Only active processing activities are taken into account.

      • It can take up to 24 hours for changes to be taken into account in the charts.

       

      Chart

      Description

      Processing activities

      Breakdown of processing activities by:

      • Processor

      • Data controller

      Breakdown of processing activities into those that:

      • have an impact assessment (all statuses combined)

      • do not have an impact assessment

      Breakdown of processing activities by area and status (there may be several pages; see the arrows under the chart).

      Breakdown of processing activities based on information in Data section > Nature tab:

      • Sensitive data is under heading The data known as "special"

      • Intermediate data is under heading Other data requiring a specific analysis

      Breakdown of processing activities based on information in Data section > Categories tab.

      Subcontracting

      Number of processing activities involving third parties that are either Processors or Subprocessors (Identification section > Third parties tab > Qualification menu).

      Number of third parties that are either Processors or Subprocessors. Each data processor is only counted once, even if they are involved in multiple processing activities.

      Percentage of Processors or Subprocessors with an agreement that covers data protection as per the GDPR (third parties repository > Technical, Organisational and legal measures tab > Does the agreement with the third party cover data protection as per the GDPR? > Yes)

      Data flows

      Data based on how the Cross-border flow section is completed in each processing activity:

      • No cross border flows = No or empty

      • Cross border flows = Yes + recipient(s)

      • Cross border flows that are implicit = at least one non-EU third party linked to processing activity but Yes not selected in Cross-border flow section

      • Cross border flows without recipient = Yes but no recipients

      Global view of all cross-border flows.

      Software

      Total number of software programs in software repositories

      Percentage of software that has a risk rating

      Percentage of software that has a compliance rating

      For each software in the repository, the table shows:

      • Processing activities: number of processing activities that use each software

      • Compliance and Risk ratings of each software if applicable

      Only includes software that has a risk rating.

      • Shows software count per risk rating

      • Dark blue is count for software that processes sensitive data

      • Light blue is count for software that does not process sensitive data

      Example. In this screenshot there are:

      • 6 software programs with risk rating of 2 that process sensitive data

      • 2 software programs with risk rating of 4; 1 processes sensitive data, 1 does not

      Only includes software that has a compliance rating. Same approach as for “Software count by risk rating” (see above).

      Activity monitoring dashboard

      The following table provides a detailed explanation of the data shown in each chart.

       

      To view the data:

      1. Select the entities.

      2. Select the dates.

      3. Click Show report.

      • Only active processing activities are taken into account.

      • It can take up to 24 hours for changes to be taken into account in the charts.

       

      Chart

      Description

      Processing activities

      Number of processing activities in “Being validated” status that were changed to “Validated” status during selected period.

      Number of times that “Validated” processing activities were changed to “To be reviewed” status during selected period. If the same processing activity is reviewed several times, each review is counted.

      Percentage of processing activities in “To be reviewed” status that were switched back to “Validated” during selected period. Target is 100%.

      Number of processing activities created during selected period.

       

       

      Shows daily number of processing activities in each status.

      • Each status has a color code shown in the colored dots at top of chart. The total of all statuses on a given date is shown above the top line. For example, in this screenshot, there were 46 active processing activities on October 25th, all statuses combined.

      • To view all statuses on a given date, hover the mouse over the dot representing that date: a pop-up indicates the count for each status.

      • To view the trend of a specific status, hover the colored dot at top of chart representing that status. The line of that status is highlighted and the color block beneath it shows how many processing activities were in that status (if no color block is displayed, then no processing activity was in that status at that time).

      Impact assessments (PIA)

      Number of PIAs that were changed to “Validated” status during selected period.

      Number of PIAs created during selected period.

      Daily number of PIAs in each status.

      This chart works the same way as the “Processing trends” chart. See above for more information.

      Data subject requests (DSR)

      Number of DSRs received during selected period.

      Percentage of DSRs created and started to be processed during selected period. “Initiated” means at least partially completed by an actual person. The target is 100%.

      Average number of days between DSR creation and date it enters “Done” status. Includes time spent waiting for data subjects to respond to requests.

      Number of DSRs received, broken down by nature. If a DSR has several “natures”, each one is counted.

      Trends in number of DSRs created

      Data breaches

      Number of data breaches created during selected period, broken down by risk assessment.

      Privacy by design

      Number of projects closed during selected period, broken down by opinion.

      Number of existing projects at end of selected period, broken down by status.

      Number of projects created during selected period.

      Audits and controls

      Number of audits and controls started during selected period, broken down by origin (external or internal).

      “Started” refers to the start date entered when creating the audit or control, not the date it actually started.

      End-of-period status of audits and controls started during period, broken down by origin (external or internal).

      Actions

      Number of actions completed or archived during selected period.

      Number of actions that reached their deadline during selected period and have not been completed.

      Number of actions created during selected period (including those planned for a future period).