Automation Rules let you apply conditional logic to your privacy program, so you can define exactly when a risk assessment is — or isn't — required for a record. Using a risk-based approach, rules can automatically guide users to skip assessments for low-risk records, or recommend a specific assessment based on the content of the record.
This article explains how to create an Automation Rule and configure its conditions using Rule Setup.
Use Automation Rules for privacy programs that:
• Want to take a risk-based approach and only assess records that meet a certain risk level or contain specific information — an "assessment not required" rule can be created so users know no action is needed.
• Want specific assessments completed based on the information in the record, such as hosting locations, data elements, data subject type, or location.
• Want specific assessments completed based on the organization hierarchy unit that owns the record. For example, if a record is owned by the French Marketing Department, a French DPIA can be recommended.
What you can do
✓ Create conditional rules that determine when a risk assessment is required
✓ Recommend specific assessment templates based on record content or ownership
✓ Mark records as not requiring an assessment, so users are guided to skip them
Adding an Automation Rule
To create an Automation Rule, follow these steps:
1. From the left side of the page, hover over the Data Mapping & Risk Manager icon, then navigate to Settings > Automation Rules.
📋 Note: The Automation Rules page is empty by default. Once rules have been created, each rule displays the following information:
• Rule Name
• Application — Currently, rules can only be created for Risk Profile.
• Action Triggered
• Description
• Last Updated
• Status — Shows whether the rule is currently processing or has been applied.
• Active
• Actions — Edit opens the rule configuration modal; Delete removes the rule.
2. Click the Add Rule button.
3. In the modal that appears, complete the following fields:
• Rule Name: Enter a descriptive name for the rule.
• Select the application where this rule should be applied: The dropdown currently contains Risk Profile only, but may include other applications in the future.
• Record Type: Select the types of records this rule applies to — Third Party Record, Business Process Record, or System Record.
• Description: Enter an optional description to explain the purpose of the rule.
• Rule Setup: Define the conditions that trigger this rule. See the Rule Setup section below for detailed instructions.
• Rule Preview: Updates automatically based on the Then statement you configure. Displays a preview of how the Risk Profile assessment popup or risk assessment column will appear once the rule is applied.
Rule Setup
Rule Setup is where you define the conditions that must be met for the rule to fire. Complete the following steps within the Rule Setup section of the Add Rule modal:
1. Choose the logic type for the rule conditions:
• If all of the following is true — All criteria entered in the rule must be met for it to fire. Uses AND logic.
• If any of the following is true — At least one of the criteria must be met for the rule to fire. Uses OR logic.
2. From the value dropdown, select the record attribute to evaluate:
• Record Type
• Inherent Risk
• Records Owning Organization
• Processing Purpose
• Data Element
• Data Subject Type
• Data Subject Location
• Data Subject Volume
• Data Recipient Type
• Data Recipient Location
• Hosting Location
• Tag
• Legal Basis
3. Select an operator from the operator dropdown. The available operators change depending on the value selected in the previous step.
• Is any
• Is all
• Is not any
• Is not all
4. From the Select value dropdown, choose the specific value to match. This list updates automatically based on the attribute selected in Step 2 — for example, if Data Subject Type was selected, this dropdown will show your configured data subject types. Values are pulled from your account's custom dropdown list settings.
5. To add another condition line, click Add Criteria.
6. To add an additional logic set, click Add Logic Set. You can select and/or and all/any logic between the rule groups.
7. From the Then dropdown, select the action to take when the rule conditions are met. Choose one of the following options:
• Complete Risk Assessment: Recommends a specific assessment template when a user creates an assessment from Risk Profile. The template list aligns with the assessments enabled in Risk Assessment Configuration Settings. A preview of the rule is shown in the right panel.
• Do Not Complete Risk Assessment: Marks the record as not requiring an assessment. The Risk Assessment column for matching records will display Not Required. Hovering over the cell shows a message confirming that an assessment is not required due to an Automation Rule. The Start Assessment button within Risk Profile also changes to Not Required.
8. Once all fields are complete and the rule criteria are entered, click Add Rule at the bottom of the modal.
You are automatically redirected to the Automation Rules list page, where you can monitor the status of the new rule:
• Processing — The system is evaluating all existing records to determine where to apply the rule.
• Applied — The rule has been successfully applied to all matching records.
• Error — The rule was not applied due to an issue with the rule configuration.
• Inactive — The rule has been turned off using the Active toggle in the status column.
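The effect of the logic type chosen in Rule Setup, modelled as an added example (not TrustArc's code): it evaluates criteria, logic sets and the and/or join against a few constructed records, so a draft "Do Not Complete Risk Assessment" rule can be checked on paper before it is created. The operator semantics, the record values and the rule dictionary layout are assumptions; the article names the operators but does not define them.

```python
# Assumed operator semantics: the article lists the operators but does not define them.
OPERATORS = {
    "Is any":     lambda have, want: bool(have & want),     # shares at least one value
    "Is all":     lambda have, want: want <= have,          # contains every value
    "Is not any": lambda have, want: not (have & want),     # shares no value
    "Is not all": lambda have, want: not (want <= have),    # missing at least one value
}

def criterion_matches(record, attribute, operator, values):
    return OPERATORS[operator](set(record.get(attribute, ())), set(values))

def logic_set_matches(record, logic_set):
    combine = all if logic_set["logic"] == "all" else any   # all = AND, any = OR
    return combine(criterion_matches(record, *c) for c in logic_set["criteria"])

def rule_matches(record, rule):
    combine = all if rule["join"] == "and" else any          # and/or between logic sets
    return combine(logic_set_matches(record, s) for s in rule["logic_sets"])

def dry_run(rule, records):
    """Names of the records the rule would fire on."""
    return [r["name"] for r in records if rule_matches(r, rule)]

# Constructed sample records; real values come from the account's dropdown lists.
RECORDS = [
    {"name": "Newsletter signup", "Inherent Risk": ["Low"],
     "Data Element": ["Email"], "Hosting Location": ["Germany"]},
    {"name": "Payroll", "Inherent Risk": ["High"],
     "Data Element": ["Email", "Bank Account"], "Hosting Location": ["Germany"]},
    {"name": "Job applicants", "Inherent Risk": ["Low"],
     "Data Element": ["Email", "Health Data"], "Hosting Location": ["United States"]},
]

CRITERIA = [("Inherent Risk", "Is any", ["Low"]),
            ("Data Element", "Is not any", ["Health Data"])]

# Two drafts of a "Do Not Complete Risk Assessment" rule that differ in logic type.
ANY_RULE = {"join": "and", "logic_sets": [{"logic": "any", "criteria": CRITERIA}]}
ALL_RULE = {"join": "and", "logic_sets": [
    {"logic": "all", "criteria": CRITERIA},
    {"logic": "any", "criteria": [("Hosting Location", "Is any", ["Germany"])]},
]}

if __name__ == "__main__":
    print("any:", dry_run(ANY_RULE, RECORDS))   # fires on all three records
    print("all:", dry_run(ALL_RULE, RECORDS))   # fires on Newsletter signup only
```

With "any" logic the draft marks the high-risk Payroll record and the Job applicants record holding health data as not requiring an assessment; with "all" logic only the low-risk record without health data matches.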