1. Home
  2. Knowledge Base
  3. User guide
  4. Processes
  5. Loss of confidentiality assessment on a process

Loss of confidentiality assessment on a process

Document the potential consequences for the data subject (the individual whose information is collected and processed) if the personal information in this business process is accecced by unauthorised people (both inside or outside the organisation) due to an incident (the incident could be a hacking attack or if e-mails are accidentally send to the wrong person) – and assess the probability of incidents where the confidentiality of personal information is lost.

Click the edit icon on the right-hand side to select the appropriate level of consequences and probabilities


Choose between ‘Very High’, ‘High’, ‘Low’, ‘Very Low’ consequence for the data subject.

If sensitive personal data is included in the process or if data is shared with third countries or if particularly risky processing of data is included in the process such as profiling or similar, it may mean that the risk of loss of confidentiality is higher for the data subjects.


Choose between ‘Very Likely’, ‘Likely’, ‘Unlikely’, ‘Very Unlikely’ probability of loss of availability.

The probability assessment may depend on whether there has been a loss of confidentiality of personal data in this process in the past, or whether the relevant organisational or technical security measures in the process or in the systems have been deemed to be weak. (security measures are what the organisation does to manage risks)

State the reasons for your assessments in the description box.


Once the risk is documented, the legal officer must validate that the current status can be accepted in accordance with EU GDPR. You can view existing validations by clicking ‘View validation log’ and ‘View more’.

Was this article helpful?

Related Articles

Need Support?

Can't find the answer you're looking for?
Contact Support

Want to hear more?

Let's talk about how our experience and software can help your company.