The RISK ASSESSMENT GDPR tool aims to help data processors and controllers identify risk factors for the rights and freedoms of data subjects whose data are present in the processing, make a first assessment of the intrinsic risk, including the need to perform a DPIA, and estimate the residual risk if measures and guarantees are used to mitigate specific risk factors.
The purpose of this tool is to support controllers and processors in their process of managing risk to rights and freedoms and, where appropriate, in carrying out the DPIA, in line with “Risk management and impact assessment in personal data processing”, published by the AEPD.
The risk factors included in this tool are not exhaustive; they are a minimum set. The controller must identify the factors that are specific to the processing and include them in its evaluation.
The assessment of the level of risk that the tool carries out for each factor, as well as the final calculation of the level of risk, is of a general nature. It is a minimum assessment that, where appropriate, must be adjusted by the controller to determine the level of risk of the processing accurately.
Source: Spanish Data Protection Authority (AEPD)