Directly from a processing activity card, you can specify the overall level of risk detected.
Processing activity evaluation is fundamental in the context of accountability, a procedure that helps the controller to focus its attention on the processing activities which could be the most risky for the rights and freedom of the data subjects.
Calculating the overall level of risk of a process allows you to:
The calculation of the level of risk is an operation that should not be delayed for long periods but carried out in a timely manner with the aim of identifying and adopting countermeasures appropriate to the risk detected.
To calculate the risk level of a processing activity, you can use the assisted evaluation mode.
The assisted evaluation mode combines different linked elements: the level of impact of a processing activity and the likelihood of a threat.
When you switch the assisted mode on it is not necessary to manually specify a risk value; it is automatically calculated.
Before proceeding with the assisted evaluation it is very important to understand the values used in the multiple answers. You can find the explanation of the levels of impact and likelihood directly in UTOPIA.
Once you have understood all the values, the time has come to proceed with the evaluation of the processing activity divided into 5 distinct sections.
The first section deals with the level of impact on the subject and takes into account the possible lack of the security requisites indicated in Art.32 of the regulations:
For each point specify the level of impact on the subject and briefly describe the motivation behind the choice.
For each area, answers the questions, and it will show the probability of a threat occurring within that same area.
At the end of the evaluation procedure, UTOPIA automatically calculates the risk value of a processing activity and, if it’s high or very high, it will suggest the creation of an impact evaluation, as required by Art. 35 of the regulations.