The Data Protection Risk Model
The risk scores displayed across DPMS — on processing activities, assets, vendors, and DPIAs — are only as meaningful as the model behind them. Before any of those scores make sense, someone needs to answer fundamental questions: How many probability levels do we use? What does "significant damage" mean in financial terms? Where does "elevated" risk end and "critical" begin? The Configure Models screen is where you answer those questions for your entire organisation. Once you activate a model here, DPMS automatically applies it everywhere — and when you change it, a background recalculation job updates every affected record across the system.
How to open it
Navigate to Settings → Risk Settings → Standards → Configure Models in the left-hand navigation.
You need read access to Risk Settings to view this screen. To make changes, you also need edit rights for risk settings. If you only have read access, the Edit button is visible but greyed out with a tooltip explaining the restriction. If you have neither permission, DPMS shows a "403 Forbidden" page instead.
What you see
The screen is divided into two zones. On the left is the Risk Settings side menu, which lets you jump between the different risk configuration areas: Standards (with Active Standards and Configure Models as sub-items), Control Sets, Risk Scenarios, Maturity Model, and Deadlines & Urgency. The currently active section is highlighted.
The main content area on the right starts with a breadcrumb trail (for example, General Settings › Standards › Configure Models) so you always know where you are. Directly below it is a compact toolbar showing three controls side by side: a Standard dropdown (showing the compliance framework currently in view, e.g. "GDPR"), a Model dropdown (showing either "Additive" or "Multiplicative"), and a status badge that reads either Active (green) or Activate (blue). An Edit button sits at the end of this row.
Below the toolbar is the main configuration card. It shows the Occurrence Likelihood table on the left and the Damage Amount table on the right — both in read-only form when you're just browsing. Beneath those tables, a colour-coded risk slider visualises the boundaries between your risk categories (for example, where "Minimal" ends and "Elevated" begins), and below that a smaller Mitigation Threshold slider shows the score below which a risk is considered adequately controlled.
Working with this screen
Setting up your risk model for the first time
If your organisation has never configured a risk model, the likelihood and damage tables will be empty and the Activate badge will appear greyed out — this is intentional, because the model isn't ready yet. Here is how to complete the setup from scratch.
- In the toolbar, confirm the Standard dropdown shows the framework you want to configure (e.g. "GDPR"). Click Edit to open the edit screen.
- Define your likelihood levels. In the Occurrence Likelihood section, you'll see a list of rows. Each row represents one probability band. For each row, type a name (e.g. "Very Low"), select the matching occurrence tag from the dropdown, and enter the numerical weight you want that level to carry in risk calculations (e.g. 1). Click the + icon at the bottom of the list to add the next level. You must complete each row before adding another.
- Select a currency and define your damage levels. Use the Currency dropdown to pick your organisation's reporting currency (e.g. EUR). The damage rows will then appear. Fill in each row with a label (e.g. "Negligible"), a financial threshold (e.g. up to EUR 10,000), and a numerical weight. As you work, the Damage Chart below updates in real time to preview how your financial bands compare in size — a useful sanity check.
- Set your risk categories. Scroll down to the Risk Categories section. If no categories have been defined yet, you'll see a prompt and a Set button. Click Set to go to the category setup screen, where you choose how many risk bands you want (e.g. 5: Minimal, Reduced, Elevated, High, Critical). Once saved, you'll be returned to the edit screen with the category names visible.
- Position your risk thresholds. With categories in place, the colour-coded Categories & Threshold slider becomes interactive. Drag the boundary handles to position the cut-off point between each category on the risk score scale. For example, you might decide that any score above 15 is "Critical". An information banner above the slider explains how to move the thumbs.
- Set the mitigation threshold. Drag the single thumb on the Mitigation Threshold slider to the score you consider the upper limit of "adequately mitigated." Any ROPA record or asset whose residual risk falls at or below this score will be shown as mitigated throughout DPMS.
- Activate and save. Once the slider is valid, the Activate badge becomes fully opaque. Click it — it turns green, showing Active. Then click Save. DPMS shows a success notification and starts a background recalculation job that updates risk scores across all your records.
Switching between standards or model types
If your organisation works under multiple frameworks (e.g. both GDPR and ISO 27001), each standard can have its own independently configured risk model. Use the Standard dropdown in the toolbar to switch between them — the likelihood tables, damage tables, and risk sliders update instantly to reflect the chosen framework's configuration without any page reload.
To compare the Additive and Multiplicative calculation approaches for the same standard, click the Model dropdown and switch between them. The content card re-renders with that variant's configuration. If you haven't yet configured a particular combination (e.g. ISO 27001 Multiplicative), the tables will be empty and you can click Edit to build it from scratch.
Heads up: For GDPR Privacy Risk models, the Multiplicative option in the Model dropdown is greyed out. The Privacy Risk model is intentionally fixed to the Additive formula, in line with standard GDPR risk assessment guidance.
Adjusting an existing model after a policy change
Following a regulatory review or internal risk appetite update, you may need to revise your thresholds or even change the damage currency.
Open the edit screen for the relevant model. In the Damage section, change the Currency dropdown if needed — for example, switching from EUR to CHF. Then update the financial threshold amounts in each damage row to reflect the new currency values. Drag the Categories & Threshold slider left or right to reflect your updated risk appetite. Move the Mitigation Threshold slider to the new target. Click Save. A recalculation job will run in the background.
Heads up: During the recalculation job, edit screens for ROPA records, assets, and vendors are temporarily locked — save buttons are disabled. This is normal and resolves automatically once the job finishes.
Reviewing the model as an auditor
If you have read-only access, you can view the full model configuration — likelihood tables, damage tables, risk slider, and mitigation threshold — without any risk of accidental changes. The Edit button is visible but greyed out with an explanatory tooltip.
Click the clock icon (top-right of the content area) to open the Activity Log, a slide-in panel showing the full change history of the model: who changed it, what they changed, and when. This is useful for demonstrating to auditors or regulators that the risk methodology has been consistently applied and properly governed.
Field reference
Occurrence Likelihood rows
- Label — The display name for this probability level (e.g. "Low", "Medium"). Supports multiple languages; use the language switcher at the top of the section to enter or review translations.
- Occurrence tag — Links this level to an occurrence tag from your tag library (type: Risk Occurrence Likelihood). Required.
- Numerical value — The weight this level contributes to the risk score. Must be a positive number. For Multiplicative models, zero is not allowed (it would reduce any risk score to zero). Required.
Damage Amount rows
- Label — The display name for this damage band (e.g. "Negligible", "Critical"). Supports multiple languages.
- Financial threshold — The upper financial boundary of this band (e.g. EUR 50,000). Automatically formatted with K/M/B suffixes for readability. The highest band is labelled "Above" and has no upper limit; the lowest band's upper limit is automatically set to the maximum of the row above it.
- Numerical value — The weight this damage level carries in risk calculations. Must be a positive non-zero integer.
Currency — The currency symbol shown alongside financial thresholds in the damage table (e.g. EUR, USD, CHF). You must select a currency before damage rows are shown. Changing currency does not automatically convert the threshold amounts — you must update those figures yourself.
Model type — Controls the calculation formula. Additive: Risk = Likelihood + Damage. Multiplicative: Risk = Likelihood × Damage. Only one type can be active per standard at a time.
Mitigation threshold — The maximum risk score that counts as "adequately mitigated." Residual risk scores at or below this value are shown as mitigated on ROPA and asset records throughout DPMS.
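The following sketch is an added illustration, not DPMS code: it applies the two formulas, the category boundaries and the mitigation threshold described above to one likelihood/damage pair, and lists the configuration gaps that would keep a model from being activated. The class and field names, the sample weights and boundaries, and the rule that a boundary is the highest score still inside the lower category are assumptions made for the example.

```python
from bisect import bisect_left
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class RiskModel:
    model_type: str              # "additive" or "multiplicative"
    likelihood: dict             # label -> numerical value
    damage: dict                 # label -> numerical value
    categories: list             # names, lowest to highest
    boundaries: list             # upper score of every category except the top one
    mitigation_threshold: float

    def validate(self):
        """Return the reasons this model could not be activated (empty list = ready)."""
        errors = []
        if self.model_type not in ("additive", "multiplicative"):
            errors.append("unknown model type")
        for name, rows in (("likelihood", self.likelihood), ("damage", self.damage)):
            errors += [f"{name} '{k}' must be positive" for k, v in rows.items() if v <= 0]
        if not self.categories:
            errors.append("risk categories not set")
        elif len(self.boundaries) != len(self.categories) - 1:
            errors.append("one boundary is needed between each pair of categories")
        if sorted(set(self.boundaries)) != list(self.boundaries):
            errors.append("boundaries must be strictly increasing")
        return errors

    def assess(self, likelihood_label, damage_label):
        """Return (score, category, mitigated) for one likelihood/damage pair."""
        l, d = self.likelihood[likelihood_label], self.damage[damage_label]
        score = l * d if self.model_type == "multiplicative" else l + d
        # Assumption: a boundary is the highest score still inside the lower category.
        category = self.categories[bisect_left(self.boundaries, score)]
        return score, category, score <= self.mitigation_threshold

# Constructed sample configuration (weights, boundaries and some labels are made up).
LIKELIHOOD = {"Very Low": 1, "Low": 2, "Medium": 3, "High": 4, "Very High": 5}
DAMAGE = {"Negligible": 1, "Limited": 2, "Significant": 3, "Severe": 4, "Critical": 5}
CATEGORIES = ["Minimal", "Reduced", "Elevated", "High", "Critical"]
MULTIPLICATIVE = RiskModel("multiplicative", LIKELIHOOD, DAMAGE, CATEGORIES, [3, 6, 10, 15], 4)
ADDITIVE = RiskModel("additive", LIKELIHOOD, DAMAGE, CATEGORIES, [3, 5, 7, 8], 4)
INCOMPLETE = replace(MULTIPLICATIVE, likelihood={"Never": 0, "Low": 2}, categories=[], boundaries=[])

if __name__ == "__main__":
    print(MULTIPLICATIVE.assess("High", "Severe"))
    print(ADDITIVE.assess("High", "Severe"))
    print(INCOMPLETE.validate())
```

The same likelihood and damage weights produce different scores under each formula, which is why each model type needs its own boundary positions and mitigation threshold.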
How this connects to the rest of DPMS
The risk model configured here is the single source of truth for risk scoring across the platform. ROPA processing activities use the active Privacy Risk model to compute inherent and residual risk scores — the same likelihood and impact scales you define here appear as the scoring fields on every ROPA's risk tab. Assets in the Asset Register use the Asset Risk model; vendor profiles use the vendor risk model built on the same pattern. The organisation-level risk matrix (the dashboard view that plots all elements by likelihood and impact across colour-coded bands) can only display meaningful bands once a model is active here.
After finishing your model configuration, a good next step is to visit Standards → Active Standards to verify that the standard is enabled, then open a ROPA record and check that the risk score fields reflect your new scales. You may also want to review the Risk Scenarios and Control Sets sections (accessible from the left-hand menu) to ensure that your controls vocabulary and scenario library are aligned with the new scoring methodology.
Tips & common pitfalls
Heads up: The most common reason the Activate badge remains greyed out after filling in likelihood and damage values is that Risk Categories have not been set yet. Look for the "Set" prompt in the Risk Categories section — without categories, the slider cannot be configured and the model cannot be activated.
Tip: Use the Activity Log (clock icon) before making changes to understand what the previous configuration looked like. This helps you make intentional adjustments rather than accidentally overwriting a carefully tuned setup.
- Changing the number of categories resets all threshold positions. If you go to the Set screen and change from, say, 3 categories to 5, DPMS recalculates the boundaries evenly across the score range. Any custom slider positions you've set are lost. Only change the number of categories if you're prepared to re-position all thresholds afterwards.
- Navigating away from the edit screen without saving loses your changes. DPMS does not show an "unsaved changes" warning. If you've added new likelihood rows or adjusted financial thresholds but haven't clicked Save, those changes will disappear when you navigate elsewhere.
- If a standard is missing from the dropdown, it hasn't been activated yet. Go to Standards → Active Standards and enable the standard there. Only active standards appear in the Standard dropdown on this screen.
- The recalculation job can take time on large datasets. If users report that their ROPA edit screens are locked after you save a model update, this is expected. The lock lifts automatically once the background job finishes recalculating all affected records.