DPIA risk analysis

The risk analysis in Anyva is based on a structured and modular approach, which makes it possible to carry out data protection impact assessments in a comprehensible and compliant manner even without in-depth legal or technical expertise.

A central component is the use of prefabricated requirement modules. These cover typical data protection requirements, e.g. the secure handling of paper files, mobile data carriers or the principle of purpose limitation, and make abstract legal requirements understandable through concrete implementation instructions and example scenarios. For example, the confidentiality of paper files is illustrated by locked filing cabinets.

Each requirement module already contains:

  • the associated risks in the event of non-fulfilment,
  • suitable technical and organisational measures (TOM),
  • and advice on practical implementation.

The risk analysis follows a classic risk management approach: an initial risk is determined from an assessment of the possible effects and their probabilities of occurrence. The effectiveness of the proposed measures is then checked in the context of the protection goals of the Standard Data Protection Model (SDM). This results in the respective residual risk per module and, in total, the overall risk of the DPIA.

Thanks to the model-based approach, all assessments are documented plausibly, completely and comprehensibly. The requirement modules supplied can be customised and enable rapid implementation, even by non-experts. In conjunction with the integrated vulnerability management, the DPIA remains "alive": new vulnerabilities automatically influence the risk status of affected processing activities.

We will send you further information on request. Would you like to experience the creation of a DPIA live using an example? We would be glad to show you. Give us a call, send us a message or fill out the contact form. We will be happy to arrange an appointment for a live demonstration.