The risk analysis comprises all activities for identifying, assessing, evaluating, and prioritising the risks and opportunities in data processing. The risk assessment considers the lawfulness of data processing, its purpose, the scope as well as the state of the art, the implementation costs and its circumstances. It includes all processes and business procedures and thus provides the starting point for risk assessment, risk mitigation measures and risk monitoring.
In terms of improvement and, if necessary, the use of new technologies, risk management in data processing must be constantly adapted and optimised. This is done using the P-D-C-A cycle; a tool with which one can also optimally control the effectiveness of the measures.