Help Center
News
Help Center
News
Sign in
Document
Documents & PoliciesQuestionnairesControls & Technical and Organizational Measures (TOMs)Report ExplorerAsset RegisterFrameworksRecord of Processing Activities (ROPA)Exporting your ROPAVendorsImpact Assessments (IA)Legitimate Interest DocumentationsMeetings & ActivitiesRetentions & Deletions PeriodsData Collection Point (DCP)Add documents to vendors
DPIA
Assessments
ROPA
Assets
International Standards & Frameworks
TOMs & Controls
Categories & Attributes
Data Collection Points
Legal Basis
Legitimate Interest
Documents & Policies
Retention & Deletion
Data Flow
Vendors
Questionnaires
Manage
Process Risk OverviewData Flow Map
Dashboards
AI Assistance & Automation
Projects
Tasks
Meetings & Activities
Workflows & Automations
Reporting
React & Resolve
TasksProjectsIncidents & BreachesData Subject Requests
Risk Scenarios & Treatments
Incidents & Breaches
Release Notes
Q2 2026
Q1 2026
Q4 2025
Q3 2025
Q2 2025
Release 245 (12.04.2025)Release 246 (15.04.2025)Release 247 (23.04.2025)Release 248 (24.04.2025)Release 249 (25.04.2025)Release 252 (04.05.2025)Release 255 (12.05.2025)Release 259 (07.06.2025)Release 261 (11.06.2025)Release 262 (12.06.2025)Release 264 (14.06.2025)Release 266 (22.06.2025)Release 250 (28.04.2025)Release 251 (30.04.2025)Release 253 (07.05.2025)Release 254 (08.05.2025)Release 256 (18.05.2025)Release 257 (25.05.2025)Release 258 (01.06.2025)Release 260 (10.06.2025)Release 263 (13.06.2025)Release 265 (18.06.2025)Release 267 (24.06.2025)Release 269 (28.06.2025)Release 268 (28.06.2025)Release 276 (16.05.2025)Release 275 (09.05.2025)Release 274 (07.05.2025)Release 273 (05.05.2025)Release 272 (02.05.2025)Release 271 (29.04.2025)Release 270 (25.04.2025)Release 269 (25.04.2025)Release 268 (23.04.2025)Release 267 (22.04.2025)Release 265 (14.04.2025)
Q1 2025
Q4 2024
Q3 2024
Q2 2024
Q1 2024
Q4 2023
Q3 2023
Q2 2023
Q1 2023
Q4 2022
Q3 2022
Getting Started
Quickstart GuideQuestionnairesTasksProcess Risk OverviewIT SettingsFrameworksThe Information Security / Asset Risk ModelData Subject RequestsDownloading an elementLegitimate Interest DocumentationsAssigning Audiences to ElementsDocuments & PoliciesControls & Technical and Organizational Measures (TOMs)General SettingsCreating attributes that fit your industryDocument list for onboardingThe Data Protection Risk ModelIncidents & BreachesProjectsManaging audiencesAdd documents to vendorsHow to answer an assessment/questionnaireSetting up the first organization or companyData Collection Point (DCP)Use AI to create elementsSetting Risk models in General SettingsSharing ElementsHow can a user change the language?Data Flow MapRecord of Processing Activities (ROPA)Time MachineCreate and evaluate assessments Company Widget FeatureAsset RegisterVendorsImpact Assessments (IA)Creating organizational unitsExporting your ROPAMeetings & ActivitiesTerms for legitimate processingRetentions & Deletions PeriodsHow to create a new user and how to change the password for loginReport ExplorerMaturity modelAdding risk scenarios to assets or asset groupsRelevant Risk SzenariosPriverion GRC Platform overviewDocument list for onboardingHow can a user change the language?Setting up the first organization or companyCreating attributes that fit your industry
User account
Sharing & Group functions
Features
How-To Guides & Tips
Get Help
Legal
Settings
General Settings
Compliance settings
Identity and access management
IT Settings
Risk Settings

Release 252 (04.05.2025)

Release 252 is a major update that introduces comprehensive privacy risk management across ROPA, DPIA, Projects, and Vendors, alongside a new rich-text editor, Control Sets, and significant improvements to international standards and risk settings.

New Release

Version: 252
Release Date: 04.05.2025 19:00 CET

Overview

Release 252 is one of the most substantial updates to the Priverion DPMS to date. It brings a fully redesigned risk management experience — including privacy risk models, treatment plans, and AI-assisted risk scenarios — across Records of Processing Activities (ROPA), Data Protection Impact Assessments (DPIA), Projects, and Vendors. In addition, a new rich-text editor (Lexical) has been introduced for description and comment fields, and a new Control Sets feature allows organisations to create and manage custom control frameworks.

Contents

  • What's new
  • Improvements
  • Fixes
  • Known issues

What's new

Privacy Risk Model for ROPA (NG-3400, NG-3401)

ROPA entries now support a dedicated Privacy Risk Model alongside the existing risk models. This single-dimension model reflects the specific nature of privacy risks, with dedicated likelihood and damage selectors, scenario management, and threshold configuration.

Risk Scenarios across DPIA, Projects, and Vendors (NG-3870, NG-3871)

Risk scenarios can now be created, viewed, and managed directly within DPIA, Project, and Vendor records — not only in ROPA and Assets. Each area supports the full risk workflow including scenario creation, treatment options, suggested TOMs, and current risk display.

Treatment Plans per Standard (NG-1953, NG-1954, NG-1955)

Treatment plans and treatment statuses are now tracked per international standard within ROPA risk management. This allows organisations to maintain separate treatment progress for each active compliance framework.

Control Sets (NG-2252, NG-2356, NG-2643, NG-2869, NG-2897)

A new Control Sets area has been introduced, enabling organisations to build and manage custom sets of controls independent of built-in international standards. Control Sets can be activated in Risk Settings, searched, and linked to risk scenarios and TOMs.

Rich-Text Editor (Lexical)

Description and comment fields throughout the platform now use a new rich-text editor (Lexical). Users can apply bold, italic, and other text formatting, add hyperlinks, create lists, adjust text size, and use keyboard shortcuts — replacing the previous plain-text areas.

Scenario Below Threshold for ROPA (NG-3398)

ROPA risk scenarios whose score falls below the configured threshold are now clearly identified, with a dedicated prompt allowing users to review or accept the below-threshold status.

AI-Assisted Risk Scenarios for ROPA (NG-3394)

The AI assistant can now suggest risk scenarios directly within ROPA, consistent with the AI assistance already available in the Asset and Process risk areas.

Organisation Unit Export (NG-3865)

Organisational units can now be exported to Excel directly from the relevant settings screen.

Search by Attribute for TOMs (NG-983)

A new search-by-attribute capability has been added to the TOMs area, allowing users to find TOMs quickly by specific field values rather than only by name.

DPIA Risk Settings Page

A dedicated DPIA Risk Settings page is now available under Risk Settings, allowing administrators to configure risk models and thresholds specifically for DPIA records.

Updated International Standards

The following standards have been updated or added to the platform's standard library:

  • AI Act 2024 (updated)
  • ISO 42001:2023 and ISO 42001 Annex A+B (updated)
  • Cyber Resilience Act – Annexes (CRA) 2024 (updated)

All previously available standards (GDPR, ISO 27001, NIST CSF, BSI Grundschutz, NIS 2, DORA, SOC 2, VDA ISA, and others) remain available and have been refreshed.

Improvements

  • ROPA – Risk Dashboard: The ROPA Risk Dashboard has been redesigned with improved layout, clearer risk score display, and better filtering by standard. [NG-3612, NG-3715]
  • ROPA – Standards tab in creation: When creating a ROPA entry, users can now select and manage relevant international standards directly from within the creation form. [NG-4078]
  • ROPA – Linked risk scenarios in detail view: The detail view of a ROPA entry now shows linked risk scenarios in a dedicated section with clearer status and score information.
  • Risk Settings – International Standards activation: The Risk Settings area now displays all created international standards with the option to activate or deactivate them for use in risk calculations. [NG-2356]
  • Risk Settings – Active Control Sets: It is now possible to activate specific Control Sets within the Asset Risk Settings screen.
  • TOMs – Linked Projects and Vendors: TOM detail views now show linked Projects and Vendors, in addition to the existing ROPA and DPIA links. [NG-3996]
  • TOMs – Linked risk scenarios shown in ROPA and DPIA tabs: Within a TOM's detail view, the ROPA and DPIA tabs now display the specific risk scenarios to which the TOM is linked.
  • Assets – Priority levels and risk score per standard: Asset overview and detail screens now display the priority level and risk score for each active standard individually. [NG-65]
  • International Standards – Overview and spider diagram: The overview screen now shows updated control totals and the spider diagram has been refined for standards that use direct controls without subcategories. [NG-2856, NG-3030]
  • International Standards – Maturity graph for Control Sets: The maturity graph now correctly reflects Control Sets alongside standard international standards.
  • Standard dropdown: The standard selection dropdown across the platform now shows only active standards and correctly filters by type (standard vs. control set). [NG-3813, NG-3872]
  • Treatment plan – New column: A new column has been added to the treatment plan table for improved clarity.
  • Risk slider: The threshold slider has been visually aligned and improved across Asset, ROPA, and Process risk screens. [NG-3445]
  • Toast notifications: Duplicate toast notifications with identical content are now suppressed so that the same message is not shown multiple times simultaneously.
  • Assessment builder – Auto-height for questions: Question input areas in the assessment builder now expand automatically to fit their content.
  • Assessment builder – Result screen table: The result screen table has been significantly improved to better handle multi-language content and variable display. [NG-3892]
  • Text translations – Multiple translate buttons: A new interface allows users to trigger translations for multiple fields at once, reducing repetitive manual steps.
  • Menu navigation – Sub-menu tree lines: Visual tree-lines have been added to sub-menu items for clearer navigation hierarchy.
  • ROPA – Sharing with controllers [NG-4122]: Improvements have been made to how ROPA entries are shared with joint controllers.
  • GDPR migration [NG-4176]: Internal migration of GDPR-related data to updated structures has been completed, ensuring data integrity for existing records.

Fixes

  • ROPA – Wrong rendering of information sections [NG-4125]: Certain sections within ROPA detail views were not rendering correctly; this has been resolved.
  • International Standards – Filter dropdown not working correctly [NG-3872]: Fixed an issue where the standard filter dropdown did not show the correct options in certain configurations.
  • International Standards – Most recent standard not visible [NG-3813]: Newly created standards were not always appearing in the dropdown; this is now resolved. [NG-3813]
  • Risk Settings – Auto-close not working [NG-4044]: A panel in Risk Settings was not closing automatically as expected; this has been fixed.
  • Assessment builder – Overlapping response options [NG-26]: An issue where response options overlapped visually in the assessment builder has been corrected.
  • Control Sets – Duplicate tabs [NG-2940]: Tabs were appearing duplicated in certain Control Set screens; this has been resolved.
  • Control Sets – Search not working [NG-2643]: The search function within Control Sets was not returning results correctly; this is now fixed.
  • Control translations not displaying correctly [NG-2644]: Control names and descriptions were not always shown in the selected language; this has been corrected.
  • Risk – Loading indicator bug [NG-3445]: A loading indicator was remaining visible after data had loaded; this has been fixed.
  • ROPA – blank screen when entering create form: An unhandled error caused a blank screen when navigating to the ROPA creation form in certain circumstances; this is resolved.
  • Process risk screen fixes [NG-3711]: Several display and data issues on the Process Risk screen have been corrected.
  • Event result display: An issue with how event results were displayed in assessments has been resolved.

Known issues

No known issues.

Feedback and Support

We value your feedback. If you encounter any issues or have suggestions, please contact our support team:

  • Schedule a Meeting: Via the Help Widget
  • Give Feedback with Screenshots: Via the Feedback Button in the Help Widget
  • Schedule a Support Call: Here
  • Schedule a Technical Support Call: Here

Was this article helpful?

English
Powered by Product Fruits