Process Risk Overview
The DPIA Risk Model is the engine behind every risk score DPMS assigns to a processing activity or a Data Protection Impact Assessment. Before you kick off a DPIA, someone on your team needs to have set up this model — defining what "High likelihood" means numerically, and what financial ranges separate "Medium damage" from "Critical damage." The Process Risk Overview is where you come to read that configuration, confirm it looks right, and jump into editing it if something needs to change. Think of it as the summary page for your organisation's DPIA risk calibration.
How to open it
Navigate to Settings in the top navigation bar, then select Risk Settings from the left-hand menu. If you see DPIA Risk Model in that menu, click it. If it does not appear (it may be hidden in your installation), go directly to /risk/settings/process in your browser's address bar or ask your system administrator to make the menu item visible.
Heads up: Access to this screen requires the Risk Settings read permission. If you land on a "403 Forbidden" page instead of the risk model overview, contact your IT administrator to have the correct permission assigned to your account.
What you see
The screen is split into two side-by-side zones. On the left is the Risk Settings navigation panel, which lists the different risk configuration areas available in your system — such as Standards, Control Sets, Risk Scenarios, Maturity Model, and Deadlines and Urgency. The active section (DPIA Risk Model) is highlighted. You can click any item in this panel to jump to a different area of Risk Settings without going back to the main Settings page.
The right-hand side is the content area for the DPIA Risk Model. At the very top, a small breadcrumb line reads Settings › Risk Settings › DPIA Risk Model, so you always know exactly where you are. Directly below that is a title row describing the purpose of the DPIA risk model, with an Edit button sitting to the right. The majority of the screen below this title is occupied by the risk model tables — one showing likelihood categories and one showing damage (financial impact) categories, each with their configured numerical values or ranges.
If the model has never been set up yet, both tables will appear empty. In that case, the Edit button is the only meaningful action available to you.
Working with this screen
Reviewing the DPIA risk model before an assessment
Before guiding your team through a DPIA for a new processing activity, it is good practice to confirm that the risk model is properly calibrated. Start by reading the Likelihood table. Each row shows a risk level — for example, "Very Low", "Low", "Medium", "High", or "Very High" — connected by a separator line to its corresponding numerical score. This score is what DPMS uses internally when calculating the risk of a processing activity. Make sure the scale makes sense for your organisation's risk appetite.
Next, scroll down to the Damage table. Here you will see each damage category alongside a financial range (minimum to maximum value) and the currency your organisation has configured. For example, "High" damage might be configured as "500K – 1M EUR." These thresholds determine how DPMS categorises the financial impact side of any risk event. If the ranges look correct and the currency matches your jurisdiction, your model is ready to use.
If everything looks good, you can close this screen and proceed with your DPIA. The risk scores that appear on DPIA records and processing activities will reflect exactly what you see here.
Tip: Large financial values are displayed in abbreviated form — 1,000,000 appears as "1M", for example. If you need to see the exact figure, click Edit to open the full configuration form, where precise numbers are shown.
Updating the model after a policy or regulatory change
When your organisation's risk policy changes — or after a regulatory update requires you to recalibrate your likelihood scale — you will need to edit the model. From this overview page, click the Edit button next to the section title. DPMS will navigate you to the full DPIA Risk Model edit form, where you can adjust likelihood values, damage ranges, currency, risk categories, and thresholds.
Once you have saved your changes on the edit form, DPMS automatically redirects you back to this overview screen. The updated values will be immediately visible in the likelihood and damage tables. Every DPIA and processing activity record in the system will now use the new values when calculating risk scores — no manual refresh is needed.
Navigating between risk configuration areas
If you realise you need to check a different part of Risk Settings — for example, the Maturity Model or Deadlines and Urgency — use the left-hand navigation panel rather than going back through the main Settings menu. Click the relevant item in the list and DPMS will take you directly to that configuration area. Only the sections you have permission to view will appear in this panel.
Field reference
The overview screen itself contains no editable fields — it is read-only. The tables display the following information:
Likelihood table
- Level name (left column) — The human-readable label for each likelihood level (e.g., "Very Low", "Medium", "Very High"). Configured on the edit screen.
- Numerical value (right column) — The internal risk score assigned to this likelihood level. Used by DPMS to calculate the combined risk score on DPIA records.
Damage table (only visible if damage categories have been configured)
- Category name (left column) — The label for each damage tier (e.g., "Low", "High", "Critical").
- Range (right column) — Shown as minimum – maximum currency, for example "100K – 500K EUR". Large numbers are abbreviated (K = thousands, M = millions).
How this connects to the rest of DPMS
The DPIA Risk Model configured here is the foundation for risk scoring across your DPIA and processing activity workflows. If this model is incomplete or misconfigured, risk scores shown on processing activities and DPIA records will be unreliable or missing entirely.
The most important downstream connection is to DPIA assessments: every automated risk score calculated during a DPIA draws its likelihood and damage values directly from what is shown on this screen. Similarly, risk scenarios linked to DPIA objects are evaluated using this same model. If you change the likelihood or damage values here, those changes ripple through to all future risk calculations — though previously saved DPIA records may not automatically recalculate.
After reviewing or updating this screen, the natural next step is to open a DPIA record or processing activity and verify that the risk scores displayed there align with your expectations. If you are setting up the model for the first time, you may also want to check the other Risk Settings areas — particularly Risk Scenarios — to ensure consistent configuration across the system.
Tips & common pitfalls
Heads up: The DPIA Risk Model menu item may not appear in the Risk Settings sidebar in your installation. If you cannot find it, navigate directly to /risk/settings/process in your browser, or ask your administrator to enable the menu item.
Heads up: The Edit button is visible to anyone who can view this page, even if they do not have editing permission. If a read-only user clicks Edit, they will see a 403 Forbidden error on the edit page. This is expected behaviour — only users with the Risk Settings edit permission can make changes.
- Empty tables mean the model has not been configured yet. If you see the title and the Edit button but no likelihood or damage rows, the DPIA Risk Model has never been set up. Click Edit to open the configuration form and build the model from scratch.
- Damage values are abbreviated for readability. "1M EUR" means 1,000,000 EUR. To see exact figures, open the edit form.
- Changes take effect immediately system-wide. As soon as you save on the edit screen, all components in DPMS that read the DPIA risk model — including the risk score displays on DPIA records — will reflect the updated configuration.
- This model is separate from the Asset and Vendor risk models. Changes you make here do not affect how risk is calculated for IT assets or vendors. Each risk domain has its own model and its own settings page within Risk Settings.