Document the potential consequences for the data subject (the individual whose information is collected and processed) if the personal information in this business process is incorrect due to an incident or registration errors (the incident could be a hacking attack or human errors etc.) – and assess the probability of incidents where the personal information is incorrect.
Click the edit icon on the right-hand side to select the appropriate level of consequences and probabilities
Choose between ‘Very High’, ‘High’, ‘Low’, ‘Very Low’ consequence for the data subject.
When assessing the consequence, consideration may be given to whether the data subject’s freedom of action is limited or whether processing of incorrect information may have significant financial, legal or other consequences.
Choose between ‘Very Likely’, ‘Likely’, ‘Unlikely’, ‘Very Unlikely’ probability of loss of integrity.
The probability assessment may depend on whether there has been incidents of incorrect processing of personal information in this process in the past, or whether the relevant organizational or technical security measures in the process or in the systems have been deemed to be weak. (security measures are what the organisation does to manage risks)
State the reasons for your assessments in the description box.
Once the risk is documented, the legal officer must validate that the current status can be accepted in accordance with EU GDPR. You can view existing validations by clicking ‘View validation log’ and ‘View more’.