{ "schema": "https://saferpage.de/schemas/privacy-assessment-workflow.v1", "generated_at": "2026-06-08T20:50:07+00:00", "domain": "internisten-im-netz.de", "scan": { "id": "225f284c-d16f-4241-a644-b14a1066eb1f", "checked_at": "2026-06-08 08:51:20.19201+02" }, "summary": "internisten-im-netz.de: Assessment-Workflow mit 6 Template(s), 6 Assignment(s) und 6 offenen Workflow-Element(en).", "metrics": { "template_count": 6, "assignment_count": 6, "ready_to_assign_count": 3, "prepare_count": 1, "watch_count": 2, "external_assignment_count": 1 }, "templates": [ { "id": "dpia_threshold", "template": "DPIA/DSFA", "title": "DPIA-/DSFA-Schwellenprüfung", "status": "ready_to_assign", "priority": "hoch", "risk_score": 100, "question_count": 6, "assignee_role": "Datenschutz/Legal/Product", "reviewer_role": "DSB/Management", "due_in_days": 7, "reminder_schedule": [ "T+1", "T+3", "faellig" ], "prefill_status": "vorbefuellt", "evidence_links": { "assessment_center": "https://saferpage.de/assessment/internisten-im-netz.de", "report": "https://saferpage.de/internisten-im-netz.de", "risk_center": "https://saferpage.de/risiko/internisten-im-netz.de", "vendor_register": "https://saferpage.de/anbieter/internisten-im-netz.de", "consent_center": "https://saferpage.de/consent/internisten-im-netz.de", "data_system_inventory": "https://saferpage.de/daten/internisten-im-netz.de/systems-json" }, "completion_gate": "Antworten geprueft, Massnahmen/Restrisiko dokumentiert, Owner-Freigabe gespeichert und Re-Scan verlinkt.", "next_step": "Schwellenentscheidung, Schutzmaßnahmen, Restrestrisiko und Freigabe dokumentieren." }, { "id": "incident_breach", "template": "Incident", "title": "Incident-/Breach-Assessment", "status": "ready_to_assign", "priority": "hoch", "risk_score": 100, "question_count": 5, "assignee_role": "DSB/Legal/IT", "reviewer_role": "DSB/Legal/IT", "due_in_days": 2, "reminder_schedule": [ "T+1", "T+3", "faellig" ], "prefill_status": "vorbefuellt", "evidence_links": { "assessment_center": "https://saferpage.de/assessment/internisten-im-netz.de", "report": "https://saferpage.de/internisten-im-netz.de", "risk_center": "https://saferpage.de/risiko/internisten-im-netz.de", "vendor_register": "https://saferpage.de/anbieter/internisten-im-netz.de", "consent_center": "https://saferpage.de/consent/internisten-im-netz.de", "data_system_inventory": "https://saferpage.de/daten/internisten-im-netz.de/systems-json" }, "completion_gate": "Antworten geprueft, Massnahmen/Restrisiko dokumentiert, Owner-Freigabe gespeichert und Re-Scan verlinkt.", "next_step": "72h-Prüfpfad, Beweissicherung, Datenarten, Empfänger und Meldeentscheidung vorbereiten." }, { "id": "program_management", "template": "Programmrisiko", "title": "PrivacyOps-Programm-Assessment", "status": "ready_to_assign", "priority": "hoch", "risk_score": 100, "question_count": 5, "assignee_role": "Programm-Owner/Datenschutz", "reviewer_role": "DSB/Management", "due_in_days": 7, "reminder_schedule": [ "T+1", "T+3", "faellig" ], "prefill_status": "vorbefuellt", "evidence_links": { "assessment_center": "https://saferpage.de/assessment/internisten-im-netz.de", "report": "https://saferpage.de/internisten-im-netz.de", "risk_center": "https://saferpage.de/risiko/internisten-im-netz.de", "vendor_register": "https://saferpage.de/anbieter/internisten-im-netz.de", "consent_center": "https://saferpage.de/consent/internisten-im-netz.de", "data_system_inventory": "https://saferpage.de/daten/internisten-im-netz.de/systems-json" }, "completion_gate": "Antworten geprueft, Massnahmen/Restrisiko dokumentiert, Owner-Freigabe gespeichert und Re-Scan verlinkt.", "next_step": "Owner, SLA, Kontrollfrequenz, Re-Scan, Evidence Library und Managemententscheidung zusammenführen." }, { "id": "notice_lifecycle", "template": "Notice", "title": "Datenschutzhinweis-/Policy-Lifecycle", "status": "prepare", "priority": "mittel", "risk_score": 58, "question_count": 5, "assignee_role": "Datenschutz/Content/Legal", "reviewer_role": "DSB/Management", "due_in_days": 30, "reminder_schedule": [ "T+3", "T+7", "3 Tage vor Faelligkeit" ], "prefill_status": "vorbefuellt", "evidence_links": { "assessment_center": "https://saferpage.de/assessment/internisten-im-netz.de", "report": "https://saferpage.de/internisten-im-netz.de", "risk_center": "https://saferpage.de/risiko/internisten-im-netz.de", "vendor_register": "https://saferpage.de/anbieter/internisten-im-netz.de", "consent_center": "https://saferpage.de/consent/internisten-im-netz.de", "data_system_inventory": "https://saferpage.de/daten/internisten-im-netz.de/systems-json" }, "completion_gate": "Antworten geprueft, Massnahmen/Restrisiko dokumentiert, Owner-Freigabe gespeichert und Re-Scan verlinkt.", "next_step": "Entwurf, Cookie-Erklärung, Anbieterregister und Betroffenenrechte versioniert freigeben." }, { "id": "vendor_tia", "template": "Vendor/TIA", "title": "Vendor-/Transfer-Assessment", "status": "watch", "priority": "niedrig", "risk_score": 43, "question_count": 6, "assignee_role": "Legal/Vendor Owner", "reviewer_role": "Legal/Vendor Owner", "due_in_days": 30, "reminder_schedule": [ "T+3", "T+7", "3 Tage vor Faelligkeit" ], "prefill_status": "vorbefuellt", "evidence_links": { "assessment_center": "https://saferpage.de/assessment/internisten-im-netz.de", "report": "https://saferpage.de/internisten-im-netz.de", "risk_center": "https://saferpage.de/risiko/internisten-im-netz.de", "vendor_register": "https://saferpage.de/anbieter/internisten-im-netz.de", "consent_center": "https://saferpage.de/consent/internisten-im-netz.de", "data_system_inventory": "https://saferpage.de/daten/internisten-im-netz.de/systems-json" }, "completion_gate": "Antworten geprueft, Massnahmen/Restrisiko dokumentiert, Owner-Freigabe gespeichert und Re-Scan verlinkt.", "next_step": "Anbieterakte mit Zweck, Rolle, AVV/DPA, TOMs, SCC/TIA und Alternativen vervollständigen." }, { "id": "consent_assessment", "template": "Consent", "title": "Consent-/Preference-Assessment", "status": "watch", "priority": "niedrig", "risk_score": 35, "question_count": 6, "assignee_role": "Marketing/IT/Datenschutz", "reviewer_role": "DSB/Management", "due_in_days": 30, "reminder_schedule": [ "T+3", "T+7", "3 Tage vor Faelligkeit" ], "prefill_status": "vorbefuellt", "evidence_links": { "assessment_center": "https://saferpage.de/assessment/internisten-im-netz.de", "report": "https://saferpage.de/internisten-im-netz.de", "risk_center": "https://saferpage.de/risiko/internisten-im-netz.de", "vendor_register": "https://saferpage.de/anbieter/internisten-im-netz.de", "consent_center": "https://saferpage.de/consent/internisten-im-netz.de", "data_system_inventory": "https://saferpage.de/daten/internisten-im-netz.de/systems-json" }, "completion_gate": "Antworten geprueft, Massnahmen/Restrisiko dokumentiert, Owner-Freigabe gespeichert und Re-Scan verlinkt.", "next_step": "Default, Ablehnen, Akzeptieren und GPC testen; CMP-Plan, Nachweise und Cookie-Liste synchronisieren." } ], "assignments": [ { "id": "assign_dpia_threshold", "template_id": "dpia_threshold", "assignee_role": "Datenschutz/Legal/Product", "reviewer_role": "DSB/Management", "status": "ready_to_assign", "due_in_days": 7, "reminders": [ "T+1", "T+3", "faellig" ], "external_allowed": false, "handoff": "Fragen, Evidence Links, Re-Scan URL und offene Betreiber-Nachweise uebergeben." }, { "id": "assign_incident_breach", "template_id": "incident_breach", "assignee_role": "DSB/Legal/IT", "reviewer_role": "DSB/Legal/IT", "status": "ready_to_assign", "due_in_days": 2, "reminders": [ "T+1", "T+3", "faellig" ], "external_allowed": false, "handoff": "Fragen, Evidence Links, Re-Scan URL und offene Betreiber-Nachweise uebergeben." }, { "id": "assign_program_management", "template_id": "program_management", "assignee_role": "Programm-Owner/Datenschutz", "reviewer_role": "DSB/Management", "status": "ready_to_assign", "due_in_days": 7, "reminders": [ "T+1", "T+3", "faellig" ], "external_allowed": false, "handoff": "Fragen, Evidence Links, Re-Scan URL und offene Betreiber-Nachweise uebergeben." }, { "id": "assign_notice_lifecycle", "template_id": "notice_lifecycle", "assignee_role": "Datenschutz/Content/Legal", "reviewer_role": "DSB/Management", "status": "prepare", "due_in_days": 30, "reminders": [ "T+3", "T+7", "3 Tage vor Faelligkeit" ], "external_allowed": false, "handoff": "Fragen, Evidence Links, Re-Scan URL und offene Betreiber-Nachweise uebergeben." }, { "id": "assign_vendor_tia", "template_id": "vendor_tia", "assignee_role": "Legal/Vendor Owner", "reviewer_role": "Legal/Vendor Owner", "status": "watch", "due_in_days": 30, "reminders": [ "T+3", "T+7", "3 Tage vor Faelligkeit" ], "external_allowed": true, "handoff": "Fragen, Evidence Links, Re-Scan URL und offene Betreiber-Nachweise uebergeben." }, { "id": "assign_consent_assessment", "template_id": "consent_assessment", "assignee_role": "Marketing/IT/Datenschutz", "reviewer_role": "DSB/Management", "status": "watch", "due_in_days": 30, "reminders": [ "T+3", "T+7", "3 Tage vor Faelligkeit" ], "external_allowed": false, "handoff": "Fragen, Evidence Links, Re-Scan URL und offene Betreiber-Nachweise uebergeben." } ], "status_board": [ { "status": "ready_to_assign", "label": "Zuweisen", "count": 3, "action": "Owner und Reviewer festlegen, Frist bestaetigen." }, { "status": "prepare", "label": "Vorbereiten", "count": 1, "action": "Interne Fakten und fehlende Evidence sammeln." }, { "status": "watch", "label": "Beobachten", "count": 2, "action": "Bei neuem Vendor, Datenfluss oder CMP-Aenderung erneut bewerten." }, { "status": "completed", "label": "Abgeschlossen", "count": 0, "action": "Freigabe, Restrisiko und Re-Scan-Nachweis archivieren." } ], "workflow_controls": [ { "id": "versioning", "label": "Versionierung", "requirement": "Template-Version, Antworten, Evidence Links und Freigaben unveraenderbar referenzieren." }, { "id": "reminders", "label": "Reminder", "requirement": "Offene Assignments vor Frist erinnern und Eskalation an Reviewer ausloesen." }, { "id": "evidence_gate", "label": "Evidence Gate", "requirement": "Assessment erst schliessen, wenn Re-Scan, Exportpaket oder begruendete Betreiberentscheidung verlinkt ist." }, { "id": "external_vendor", "label": "Externe Vendor-Antworten", "requirement": "Vendor-Fragen ohne Rohdaten betroffener Personen teilen und Ruecklauf als Evidence speichern." } ], "links": { "assessment_center": "https://saferpage.de/assessment/internisten-im-netz.de", "workflow_json": "https://saferpage.de/assessment/internisten-im-netz.de/workflow-json", "workflow_csv": "https://saferpage.de/assessment/internisten-im-netz.de/workflow-csv", "queue_json": "https://saferpage.de/assessment/internisten-im-netz.de/queue", "questionnaire_markdown": "https://saferpage.de/assessment/internisten-im-netz.de/questionnaire-md", "data_system_inventory": "https://saferpage.de/daten/internisten-im-netz.de/systems-json", "vendor_questionnaire": "https://saferpage.de/anbieter/internisten-im-netz.de/questionnaire-md" }, "disclaimer": "Workflow-Paket fuer Betreiber: SaferPage erstellt keine echten externen Accounts und versendet keine Reminder, sondern liefert Template-, Assignment- und Reminder-Daten fuer die interne Umsetzung." }