Risk Analysis & Capture

Modern Data Protection uses a range of tools and approaches to Data Protection Governance, one such approach is Risk Based Assessment. Using the automated capture and monitoring features of the GDPMS will ensure that your business is actively monitoring for potential problems and reviewing the areas in your business that represent risk. Once identified, the risk and can appropriately managed using a number of risk management approaches.

Risk is part of business. It can be avoided, mitigated, shared or accepted - this is the choice of the business in each case. Before it can be determined, it must be defined and then managed.

The GDPMS has a number of Risk touch points -

  • The Applications Register captures and registers risk to the business about applications;

  • The Data Flow Register captures and registers risk in the processing of Data by said applications;

  • The Data Protection Impact Assessment Register captures the risk presented to Data Subjects while processing their Personal Data. It also captures mitigation strategies, residual risk and risk decisions;

  • The Legitimated Interests Assessment Register captures and registers risk associated with the legitimacy of processing a Data Subject's Personal Data;

  • The Information Risk Register centralises known (or suspected) identified ares of risk in the business from any of the above sources. It allow any given risk to be owned and addressed as well as monitored and is a constant Data Governance source of reference;

  • The Mobile User Register, captures user devices that may be lost or stolen, and then manages that risk through the lost device register and Security Incident Management process;

  • The Removed Asset register assigns loss or removal of assets to ensure heightened risk and threat analysis over the asset;

  • The Security Incident Register determines how to deal with breaches and what risks where present and known about prior to the data breach;

  • And in many other places like registers, lists, policies and standards etc.

Modern Data Protection is about weighing up the risk and acting in a responsible manner to address it. The GDPMS provides a large range of Risk touch-points to ensure that the risk profile for any particular element of your Data Protection efforts is identified, captured, addressed and managed to meet the defined Risk Appetite of the organisation.

The Operational Risk Management Framework provides clarity around the business operations, areas of risk, and the organisations Risk Appetite and Risk Strategy.

Be the First to Know... Visit & Subscribe to our BLOG

Contact Us

This form is for general inquiries. If you are emailing about an existing case regarding a client that we represent, please reply to any of the email communications that you may have received from us about your matter. If you want to lodge a data subject request with a client that we represent, please visit the Data Subject Request form. You will need to know the Membership ID of the company that you would like to service your request. This information must be published on the contact page of our members website and in their Privacy Policy or Collection Statement.

If you wish to lodge a Data Subject Request regarding our service, our GDPMS ID is UK440000. Only use this code if the request is to be handled by us, that is information we have about you. If you would like to read our Privacy Policy and Collection Statement.










Maizieres Les Metz


Cirie TO



United Kingdom

71-75 Shelton Street

Covent Garden


+44 20 7442-5785

(207) 442-5785

United States

Suite 3377

304 S. Jones BLVD

Las Vegas NV 89107

+1 85 5577-8682

(US/Canada Toll-Free)








Full Service Regions


PO Box 834


NSW 2057

+61 4 6621-2726

(04) 6621-2726

Collection Statement & Privacy PolicyWebsite Cookie Policy | Support Desk

© 2010 - 2019 SPTG LLC, GDPR Forensic Limited. All rights reserved.

Data Protection*Services and are Trademarks of GDPR Forensic Limited (UK) and associated companies.

All prices on this website are EUR/EURO "€" unless otherwise stated.

The star logo and the DPO and CA seals are Trademarks of GDPR Forensic Limited,

unauthorised use is prohibited.