The product

The whole DPIA lifecycle, in one governed loop

Create an assessment, run triage, and let routed outcomes build the rest. Simpriva's MVP is deliberately one product loop — demonstrable end to end, not a pile of disconnected modules.

01

Create & triage

Auto-referenced assessment; branching questions score and route.

02

Routed outcomes

DPIA, ROPA, by-design actions, risks & evidence pre-populated.

03

Review & approve

Per-section comments, gates and the full workflow status set.

04

Lock & report

Versioned PDF, snapshotted rules, dashboard & audit visibility.

Five workflows define the MVP

Everything else exists to support them.

W1 · TRIAGE

Assessment creation & triage

Universal plus sector- and scenario-filtered questions with branching. The engine computes a score, applies compound and severe-trigger rules, and produces a routed outcome with a plain-English rationale. Reviewers can override with a recorded comment.

W2 · DPIA

DPIA completion

Sections show dynamically based on triggers — AI/ADM, monitoring, Article 9/10, transfers, suppliers, children/vulnerable people, PECR advisory. Core sections always appear, fields pre-populate from triage, and critical incomplete sections block submission.

W3 · RISK

Risk, by-design & evidence loop

Answers generate suggested risks (accept / edit / reject), scored against your matrix with initial and residual bands. Findings generate by-design actions and evidence requirements. High residual risk requires senior acceptance; missing critical evidence blocks approval.

W4 · REPORT

Review, approval & report

Draft → in progress → awaiting evidence → awaiting DPO review → returned / approved / approved with conditions / escalated / rejected. On approval, the assessment snapshots the rule and matrix versions in force and generates a locked, versioned report.

W5 · ROPA

ROPA maintenance

Personal-data processing creates or updates a draft ROPA record pre-populated from triage and DPIA. The owner confirms or edits; the record carries status, review date, links to the DPIA, by-design actions and risks, with overdue and incomplete flags surfaced on the dashboard.

Roles & segregation

The right people, the right gates

Role-based access is enforced server-side. The system suggests; a human always decides.

Organisation Admin

Org profile, users, roles, sector packs, matrix selection.

Project Owner / Author

Creates assessments, completes triage and the DPIA.

DPO / Privacy Reviewer

Reviews, comments, returns, approves, escalates.

Senior Risk Owner

Accepts high residual risks with a recorded rationale.

Legal & Security Reviewers

Lawful basis, Article 9/10, transfers, TOMs, suppliers.

Viewer / Auditor

Read-only access to assessments and the audit trail.

Want to see it on your own processing?

We'll walk a real assessment through the loop with you.

Book a walkthrough