Data protection impact assessment (DPIA)
The Risk module can be used to perform and maintain data protection impact assessments and data security risk analyses. The assessment can help evaluate data protection and data security threats, taking into account existing available and technical protection measures and current vulnerabilities and deficiencies. It is also suitable for evaluating the possible business and data protection damage (material, goodwill, legal consequences, aspects affecting data subjects) that can result from these events. Data protection risk reports and management plans can be prepared.
The data protection impact assessment is a risk assessment developed by taking internal recommendations into account, where:
- The resource scope of the assessment can be customized (data processing activities, data sets, IT systems and the subordinated resources, human resources, etc.).
- Developed data protection threat, vulnerability and protective measure lists are available, and they can be freely expanded and customized.
- The results of the various events are examined by way of the relationships between resources. Status propagation and impact tracking are based on a cause-and-effect graph. The status changes of dependent resources can be followed from the entry of a threat through to the status change in the resources that causes data protection damage. All this can also be displayed in a graphical format.
- A customizable data protection damage table is available for the uniform recording of impact values. The table also contains the aspects of damage that data subjects can incur, and it takes the possible dimensions of the company’s business damages into account.
- The system provides data protection risk lists with reports. The risk evaluation methodology can be customized (scales, risk matrices, equations).
- The software creates graphical dependency diagrams of individual risks, which can be used to trace back the parameters of a given risk and make risks easy to revise.
- Management measures can be assigned to the data protection risks, the implementation of which is traceable.
Risk management decisions can be made concerning data protection risks. Risk management measures can be defined depending on this decision, then the state of implementation can be monitored. Certain measures can be planned in detail by taking into consideration the human and financial costs. The implementation of risk management measures can be monitored in real time. Thus, risk reports on the initial state, current risk management status and future status to be achieved can be prepared and compared.
A comprehensive Risk Analysis Report on the risk analysis activity can be exported, which includes:
- records of processing activities
- the applied data protection risk analysis methodology
- the method for executing the methodology and the identified data protection risks
- risk analysis measures and their current status