Bug - DPIA and TIA Can Be Saved Without Mandatory Fields in Processing Activities

[tanushree-coder-girl]

Description:

In the Processing Activities module, after adding a new Processing Activity via the sidebar tab and then editing it, users can create DPIA (Data Protection Impact Assessment) and TIA (Transfer Impact Assessment) records and save them without filling any mandatory fields. This violates GDPR compliance rules.

Steps to Reproduce:

1. Click on Processing Activitie' from the sidebar.
2. Add a new Processing Activity.
3. Edit the newly created Processing Activity.
4. Navigate to the 'Data Protection Impact Assessment' (DPIA) tab.
5. Create a DPIA without filling any fields.
6. Click Save.
7. Navigate to the 'Transfer Impact Assessment' (TIA) tab.
8. Create a TIA without filling any fields.
9. Click Save.

Actual Result:

• DPIA and TIA records are saved with all fields empty.
• Only the Processing Name from Overview is reflected.
• No validation or warning is displayed.

Expected Result:**

• DPIA tab must require at least: Description, Potential Risk, Residual Risk.
• TIA tab must require at least: Data Subjects, Transfer, Legal Mechanism, Local Law Risk.
• System should prevent saving and display an error message indicating that mandatory fields are missing.

Note:
I would like to work on fixing this issue if approved or needed.

[SachaProbo]

Thanks for raising this issue. We did not make those fields mandatory to allow people to avoid filling them in all at once.

[tanushree-coder-girl]

Understood, thanks for the clarification.