Risk assessment

A privacy risk (definition: PIA methodology, www.cnil.fr) is a hypothetical scenario that describes:

- how risk sources
- could exploit the vulnerabilities in personal data supporting assets
- in a context of threats
- and allow feared events to occur (e.g. illegitimate access to personal data)
- on personal data
- thus generating impacts on the privacy of data subjects (e.g. unwanted solicitations, feelings of invasion of privacy, etc.).

Risk assessment is a continuous improvement process. It requires several iterations to achieve an acceptable privacy protection system. It also requires monitoring of changes over time (in context, controls, risks, etc.), for example every year, and an update whenever a significant change occurs.

The legislation only makes it mandatory in a number of cases; however, it is easier to comply with the legislation if you carry out a risk assessment for all of your data assets.

