Make a risk assessment of your processing activities based on probability and consequence
The General Data Protection Regulation (GDPR) requires organisations to conduct ongoing risk assessments to protect personal data. Our Privacy platform's risk assessment module makes it easy to conduct risk assessments on your processing activities, taking into account both probability and consequences. With the help of this module, you can identify high-risk processing activities and document mitigating measures such as new safety measures.
Privacy calculates a classification for your processing activities
Privacy provides a number of classification scenarios that are used to check the criticality of your processing activities. For instance, do you transfer data to a data processor without having an agreement? This will give you a "high" score in the processing activity classification.
The classification has nothing to do with the risk assessment, but you need to be aware of processing activities with high classification and see if this can be improved. At the same time, it will make sense to start making your actual risk assessment on your processing activities with the highest classifications.
Risk assessment based on risk questions
The risk assessment is based on several risk questions. The risk questions have been prepared by Bech-Bruun's GDPR experts. The risk questions are divided into probability and consequence questions. If you need additional information regarding a consequence question, you can click on the information icon. Where it makes sense Privacy show information from your processing activities in the risk questions. In this way, it is easier for you as a user to answer the question, based on relevant information for your organization. The risk assessment is only considered completed when you have answered all the risk questions. A progress bar will guide you in terms of the status of each risk assessment.
Your risk score - the calculation
Based on your answers to the risk questions, your processing activity will get a "Probability score" and a "Consequence score". The question with the highest score will conclude the overall score. In the risk module, you will see the actual score and an average score for all your answered questions.
Based on your probability and consequence score, Privacy assigns an overall risk score to the processing activity. This score is calculated based on a risk matrix.
Overview of processing activities in a risk matrix
You can get an overview of the risk distribution of your processing activities in a risk matrix, which is based on probability and consequence. Click in the matrix and see, for example, all your high-risk processing activities in the list below.
Filter your risks to focus on specific risk groups
Privacy also allows you to filter your risks so you can focus on specific risk groups. Filter at the following risk levels: Very low, low, moderate, high and very high.
Risk of processing activities
You can also see your risk on the overview of your processing activities as well as on an open processing activity. For each processing activity, you are able to see a status showing how far you are with the assessment based on the number of risk questions answered.
