Respond to a privacy smart assessment

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read

    • Respond to either a screening assessment or an impact assessment from the Assessment Workspace. The assessment results help to understand the potential privacy risks and their mitigation measures.

    Before you begin

    Role required: sn_privacy.business_user

    About this task

    A screening assessment is the first assessment that is sent to any responder to determine if the privacy teams need to be aware of any application that processes personal data. If there is personal data involved, then an impact assessment is sent to the key stakeholders. While the screening assessment only has the General section for questions, the impact assessment has two sections: Personal data and Questionnaire. Under the Personal data section, you find the following sections:
    • Data elements: This section displays the information object categories and each information object that belongs to that category. Based on your selection during template configuration, you can view either all information object categories or only the selected ones.
    • Hierarchy: In this section, the responders specify the source and the destination of data.
    • Legal basis: In this section, the responders specify the lawful basis on which the data is processed. For example, an information is processed for legal obligations. Here, you can specify the granular levels of the create, read, update, delete operations that can be performed on the data and also where is the data coming from and where is being sent.
    Because the assessments use the Smart Assessment Engine, the responders can see the detailed description of each question and the guidance that helps the responder in answering the questions.

    Procedure

    1. Navigate to All > Self Service > Employee Center > My active items > GRC tasks > My to-dos > My pending tasks > Privacy assessments.
    2. Select and open the assessment you want to take.
      The assessment opens in the Assessment Workspace.
    3. To take the assessment, select Start.
    4. Optional: To reassign the assessment, select Reassign.
      You can only reassign the assessment to a user who has the privilege to respond to an assessment and is a key stakeholder.
    5. If responding to a screening assessment, respond to the questions in the questionnaire.
    6. To view the guidance for a question, select View guidance at the bottom of the question.
    7. Select Submit.
    8. Optional: If responding to an impact assessment, on the Personal data section, provide the responses for Data elements, Hierarchy, and Legal basis.
      1. Select Move to questionnaire
      2. Select Submit.
      3. On the confirmation box, select Submit.
    9. To view your responses after submission, on the assessment page, select View.

    Result

    After an assessment is submitted, the privacy team receives a notification about the assessment submission. The team can then choose to either act on it or reject it based on their analysis. If the privacy team closes the assessment, then a processing activity gets created.