Working in Risk, Breach, and DPA

SOP-style guide for privacy impact assessments, legitimate-interest assessments, breach handling, incident reporting, and DPA management in the current VerityLaw UI.

This page explains how to use the current risk and response routes in the Privacy area, including assessments, breach handling, incident reporting, and data-processing agreement registration.

Product: VerityLaw
Module: Risk, Breach, DPA
Role: Information Officer, privacy operator, reviewer, department user reporting incidents
Difficulty: Beginner
Time: 12 to 18 minutes
Last Updated: 2026-03-10
Version: Current repo baseline

Before You Start

  • Confirm whether you are performing internal privacy administration or employee self-service reporting.
  • Keep the related processing activity, operator, or incident facts ready before you start.
  • Read Working in Privacy Overview and Information Officer first if you need the surrounding register and dashboard context.

What does this module cover?

This manual covers:

  • Impact Assessments
  • Legitimate Interest
  • LIA Review
  • Data Breach
  • Report Incident
  • DPA Management

Run privacy impact assessments

Review the assessment register

  1. Open Impact Assessments.
  2. Review the top counters:
    • Total Assessments
    • High / Critical Risk
    • Completed
    • In Progress / Draft
  3. Review each row for:
    • Title
    • Organisation
    • Risk Level
    • Status
    • Conducted By
    • Next Review
  4. Use Edit or Review on the correct row.

Create a new assessment

  1. Click New Assessment.
  2. Enter:
    • Title
    • Description if needed
    • Linked Processing Activity if relevant
    • Risk Level
  3. Add Findings and Mitigations one per line.
  4. Set the Next Review Date if known.
  5. Click Create Assessment.

Update an assessment

  1. Open the row through Edit or Review.
  2. Update the assessment details.
  3. Save the changes.

Run legitimate-interest assessments

Create the three-part test

  1. Open Legitimate Interest.
  2. Read the three test panels first:
    • Purpose Test
    • Necessity Test
    • Balancing Test
  3. Click New Assessment.
  4. Complete:
    • Title
    • Processing Activity if relevant
    • Legitimate Interest
    • Necessity
    • Balancing Test
    • Outcome if known
    • Safeguards
  5. Click Create Assessment.

Update an assessment

  1. From the list, click Edit.
  2. Update:
    • Title
    • Processing Activity
    • Status
    • Outcome
    • Safeguards
    • Test narrative fields
  3. Click Update Assessment.

Use the LIA Review queue

  1. Open LIA Review.
  2. Review the counters:
    • Pending Review
    • Submitted
    • In Review
  3. Read the full three-part reasoning on each card.
  4. Click Approve or Reject.

Honest scope note

The review queue is decision-oriented. It does not expose a separate escalation or comment workflow on the page.

Run the data-breach register

Record a new breach

  1. Open Data Breach.
  2. Click New Breach.
  3. Complete:
    • Title
    • Description
    • Severity
    • Detection Date/Time
    • Affected Records if known
    • Data Categories
    • Root Cause
  4. Click Report Breach.

Review the breach register

  1. Return to Data Breach.
  2. Review the summary cards:
    • Total Breaches
    • Open
    • Reported to Regulator
    • High Severity
  3. Review the table for:
    • Reference
    • Title
    • Severity
    • Status
    • Detected
    • Reported to Regulator
    • Assigned To
  4. Use Edit or Delete as needed.

Update breach response progress

  1. Open the breach with Edit.
  2. Update:
    • Title or description if needed
    • Severity
    • Status
    • Detection Date/Time
    • Affected Records
    • Data Categories
    • Root Cause
    • Containment Actions
    • Remediation Actions
  3. Tick the checkboxes if applicable:
    • Reported to Information Regulator
    • Data Subjects Notified
  4. Click Update.

Use Report Incident for employee escalation

  1. Open Report Incident.
  2. Enter:
    • What happened
    • Date discovered
    • Data categories affected
  3. Click Report Incident.
  4. Record the returned incident reference.

Honest scope note

This is a self-service intake form. Investigation and formal breach handling happen back in Data Breach.

Use DPA Management as a register-and-create flow

Review existing DPAs

  1. Open DPA Management.
  2. Review each row for:
    • Operator
    • Purpose
    • Status
    • Effective Date
    • Expiry Date
    • Cross-Border

Create a new DPA

  1. Click New DPA.
  2. Complete Operator Details:
    • Operator Name
    • Operator Email
    • Operator Registration
  3. Complete Agreement Details:
    • Purpose
    • Security Measures
    • Cross-border transfer flag
    • Transfer Countries if relevant
  4. Complete the date section:
    • Effective Date
    • Expiry Date
    • Review Date
  5. Save the DPA.

Honest scope note

The current DPA route is mainly a create-and-review register. The table does not expose row-level edit or delete actions. The app contains separate DPA version-history routes, but they are not surfaced from the main DPA list page.

Common mistakes to avoid

"Incident reporting and breach registration are the same screen"

Why this happens: Both deal with privacy incidents, but they serve different users.

Fix: Use Report Incident for employee intake and Data Breach for the formal breach register and response record.

"Completing a PIA automatically closes review"

Why this happens: Assessment completion and review approval are separate actions.

Fix: If approval is required, complete the assessment first and then use Compliance Health or LIA Review where the review controls exist.
