
Hopex GDPR Pre-assessment default values

cnisparnorddk
Super Contributor

Are the Final Risk Level and Final Compliance Level automatically set according to the details entered into the processing activities?

5 Replies

Hi Claus,

Yes please. A new thread would be better. I'm getting the info you requested so I should be able to come back to you shortly.

Please see replies below. We don't understand how Net Risk is calculated and we don't see that the Final Risk Level is calculated correctly. Shall we open a new thread with this issue?

cnisparnorddk
Super Contributor

Can you also explain to me how Net Risk is calculated?

It doesn't change when I'm changing "Risk" and "Risk Mitigation"

[Image: cnisparnorddk_0-1613469902864.png]

 

cnisparnorddk
Super Contributor

Just what I needed. Thanks 🙂

mimperiali
MEGA

Good morning Claus,

Yes, they are. Their value is based on the 5 compliance indicators of the processing activity:

1) Legal Basis Compliance Level

2) Data Minimization Compliance Level

3) Data Subjects' Rights and Notice Management Compliance Level

4) Data Transfers Compliance Level

5) Security Measures Compliance Level

 

In order to compute the Final Compliance Level, the algorithm sums the 5 indicators' values, based on the following scoring table:

[Image: mimperiali_1-1613394368518.png]

The result is averaged and rounded to the smallest integer. Please note that if a compliance indicator is left empty, it is considered as if it was set to "Not Compliant".

 

For the Final Risk Level, instead, the algorithm sums the 5 indicators' values, based on the following scoring table:

[Image: mimperiali_2-1613394457443.png]

The result is averaged and rounded to the biggest integer, then we subtract one.

 

Also, the field "Subsequent Action" is automatically computed.

For Pre-Assessments:

  • If the Final Risk Level is either High or Very High, then the Subsequent Action is "Run a DPIA"
  • Otherwise it is "Other"

For DPIAs:

  • If the Final Risk Level is either High or Very High, then the Subsequent Action is "Notify Supervisory Authority"
  • Otherwise it is "Other"

Best,

 

Mike
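
The calculation described in the reply above, as an added example that is not part of the original thread and is not Hopex code. The two scoring tables were posted as screenshots, so every score and level label below other than "Not Compliant", "High" and "Very High" is a constructed placeholder to replace with your own values. It reads "rounded to the smallest integer" as rounding down and "rounded to the biggest integer" as rounding up.

```python
import math

INDICATORS = (
    "Legal Basis",
    "Data Minimization",
    "Data Subjects' Rights and Notice Management",
    "Data Transfers",
    "Security Measures",
)
# ASSUMED placeholder scales: the thread's real scoring tables are images.
COMPLIANCE_SCORE = {"Not Compliant": 1, "Partially Compliant": 2, "Compliant": 3}
RISK_SCORE = {"Not Compliant": 4, "Partially Compliant": 3, "Compliant": 1}
COMPLIANCE_LEVEL = {1: "Not Compliant", 2: "Partially Compliant", 3: "Compliant"}
RISK_LEVEL = {0: "Low", 1: "Medium", 2: "High", 3: "Very High"}
# Subsequent actions for high-risk results, as quoted in the reply.
ACTION = {"Pre-Assessment": "Run a DPIA", "DPIA": "Notify Supervisory Authority"}


def _scores(indicators, table):
    # An empty indicator counts as "Not Compliant". The reply states this for
    # the compliance level; applying it to the risk level is an assumption.
    return [table[indicators.get(name) or "Not Compliant"] for name in INDICATORS]


def final_compliance_level(indicators):
    s = _scores(indicators, COMPLIANCE_SCORE)
    return COMPLIANCE_LEVEL[math.floor(sum(s) / len(s))]  # average, round down


def final_risk_level(indicators):
    s = _scores(indicators, RISK_SCORE)
    return RISK_LEVEL[math.ceil(sum(s) / len(s)) - 1]  # average, round up, minus 1


def subsequent_action(kind, risk_level):
    return ACTION[kind] if risk_level in ("High", "Very High") else "Other"


if __name__ == "__main__":
    # Constructed processing activity; "Data Transfers" is left empty.
    activity = {
        "Legal Basis": "Compliant",
        "Data Minimization": "Compliant",
        "Data Subjects' Rights and Notice Management": "Partially Compliant",
        "Data Transfers": None,
        "Security Measures": "Compliant",
    }
    risk = final_risk_level(activity)
    print(final_compliance_level(activity), risk, subsequent_action("Pre-Assessment", risk))
```
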