Create a GDPR impact type in ARIS Risk & Compliance Manager

You can assess a risk in ARIS Risk & Compliance Manager based on various impact types. The GDPR impact type is used for risks related to processing activities. The data protection officer uses the GDPR impact type to decide whether or not a processing activity involves a high risk for a data subject.

Prerequisites

Procedure

  1. Start ARIS Risk & Compliance Manager.
  2. Click ARIS Risk & Compliance Manager Administration Administration.
  3. Under System management, click System.
  4. Click Risk Management. The form is displayed.
  5. Click New New in the Impact types row. The Create impact type dialog opens.
  6. Select No template (create new impact type).
  7. Click OK. The Impact type form opens.
  8. Enter a name for the impact type, for example, GDPR impact.
  9. Assign impact and frequency values for the qualitative assessment (Create assignment) or create new ones (New).
  10. If you want risk scores to be calculated, add weightings to the values.
  11. Click a cell in the value matrix to specify the color in which the impact type is to be displayed in the risk matrix (qualitative).
  12. Click OK.
  13. Edit the optional fields. Enter a description, for example.
  14. Click Save Save.

The GDPR impact type is created.

Example

GDPR impact type