Learn about privacy assessments (preview)

Organizations today face significant challenges in maintaining current justified documentation of data usage across their data estates. The assessment of personal data use often involves manual and time-consuming tasks like generating and updating custom questionnaires as well as monitoring data use across the business, hindering the privacy team’s ability to keep up with the rapidly evolving business use of personal data. As a result, privacy impact assessments are performed retrospectively or quickly become stale, failing to accurately reflect the current state of data use within the organization.

Microsoft Priva Privacy Assessments (preview) automates the discovery, documentation, and evaluation of personal data use across your entire data estate. Using this regulatory-independent solution, you can automate privacy assessments and build a complete compliance record for the responsible use of personal data. Your organization can easily embed your custom privacy risk framework into each assessment to programmatically identify the factors contributing to privacy risk. With customizable privacy rules, an assessment can be automatically assigned when a change in data processing is detected in your Data Map.

Scenarios for privacy assessments

As a privacy professional, you can accomplish the following tasks with privacy assessments:

  • Automate the creation of privacy assessments: Create custom assessments tailored specifically to your organization. Use the easy editing interface to create the assessment you need to capture critical information about your organization’s data use.

  • Monitor personal data usage: Create and customize privacy rules that automatically monitor data usage in your data map and trigger an assessment when a change in data processing is detected.

  • Evaluate privacy risks: Create a customized privacy risk framework that can be operationalized through privacy assessments.

Other compliance stakeholders in your organization, such as business owners and engineers, can accomplish the following tasks with privacy assessments:

  • Register and model the use of personal data in the Microsoft Purview Unified Catalog using logical business assets in the metamodel. The class of assets, such as projects, applications, and business processes, allow for defining of concepts and representing uses of data to contrast from other assets that depict physical data like a table or database. Throughout the documentation for privacy assessments we will refer to this class of assets as projects.

  • Define the relationship between the business asset representing the data use and the physical data assets associated with that use.

  • Collaborate on, complete, and submit an assessment response comprehensively describing and documenting the data use.

Next steps

  1. Visit Get started with privacy assessments to learn about roles, terminology, and understand the overview page.

  2. Configure the metamodel and register assets in preparation for assigning assessments.

  3. Learn how to create and manage privacy assessments.

  4. Set up privacy rules so that assessments can be automatically assigned whenever a change in data processing is detected.

Microsoft Priva legal disclaimer