Compliance

DPIA notes

Risk reviews should be revisited whenever the product changes in ways that increase the amount or sensitivity of processed personal data.

Review triggers

  • Process mining and conformance analysis
  • New automated decision-making or profiling
  • Expanded support workflows containing user-submitted content
  • New data transfers or new subprocessors
  • New billing, admin, or analytics features that materially change risk