The GDPR requires a risk assessment for all processing activities to decide if a Data Protection Impact Analysis (DPIA) is necessary. This risk assessment is potentially based, among other things, on the score of the detailed qualification of the processing activity. Requirements for this qualification can vary from country to country. ARIS Accelerators for GDPR uses the Risk Management of ARIS Risk and Compliance to assess the risk of each processing activity. ARIS Risk and Compliance ensures the segregation of duties principle and offers an audit trail of any changes. It is advisable to create a GDPR impact type (risk impact type) for such assessments in ARIS Risk and Compliance. The impact type can be customized. For detailed information, refer to the ARIS Accelerators for GDPR Installation Guide.
The assessment of risks with the Risk Management of ARIS Risk and Compliance is performed in two steps for each processing activity: