Processing assessment

In this article, we will find out how to evaluate the processes, within UTOPIA
Processing assessment
Risk calculation and assisted assessment
Directly from a processing activity card, you can specify the overall level of risk detected.


Why evaluate a processing activity?

Processing activity evaluation is fundamental in the context of accountability, a procedure that helps the controller to focus its attention on the processing activities which could be the most risky for the rights and freedom of the data subjects.


Calculating the overall level of risk of a process allows you to:

  • Evaluate the adoption of new security measures
  • Divide the processing activities based on the risk level
  • Look at the requirements for high-risk processing activities

The calculation of the level of risk is an operation that should not be delayed for long periods but carried out in a timely manner with the aim of identifying and adopting countermeasures appropriate to the risk detected.


Assisted evaluation mode

To calculate the risk level of a processing activity, you can use the assisted evaluation mode.

The assisted evaluation mode combines different linked elements: the level of impact of a processing activity and the likelihood of a threat.


When you switch the assisted mode on it is not necessary to manually specify a risk value; it is automatically calculated.


Before proceeding with the assisted evaluation it is very important to understand the values used in the multiple answers. You can find the explanation of the levels of impact and likelihood directly in UTOPIA.

Once you have understood all the values, the time has come to proceed with the evaluation of the processing activity divided into 5 distinct sections.


Evaluation procedure

The first section deals with the level of impact on the subject and takes into account the possible lack of the security requisites indicated in Art.32 of the regulations:


  • Privacy
  • Integrity
  • Availability

For each point specify the level of impact on the subject and briefly describe the motivation behind the choice.

Evaluation areas


For each area, answers the questions, and it will show the probability of a threat occurring within that same area.


At the end of the evaluation procedure, UTOPIA automatically calculates the risk value of a processing activity and, if it’s high or very high, it will suggest the creation of an impact evaluation, as required by Art. 35 of the regulations.

Torna alla documentazione

Create your account for free

Crea il tuo account personale in meno di un minuto e scopri tutte le potenzialità di UTOPIA. Tutto incluso e senza alcuna limitazione, gratuitamente, per 14 giorni.

Already over 1000 customers
No credit card required
Try it for 14 days, with no limitations
By clicking the button the processing conditions are accepted
Iscrizione effettuata con successo!
Si è verificato un errore imprevisto durante l'iscrizione. Riprova...