List the identified risks and the potential solutions or costs for resolution or mitigation.

<aside> 💡 Purpose

For each feared event (illegitimate data access, unexpected data modification, and data loss):

  1. Determine the potential impacts on the privacy of the data subjects if they were to occur.
  2. Estimate its severity, especially considering the harmfulness of potential impacts and, if applicable, measures that could modify them.
  3. Identify threats to data storage that could lead to this feared event and the sources of risks that could cause them.
  4. Estimate its likelihood, especially considering vulnerabilities in data storage, the capabilities of risk sources to exploit them, and measures that could modify them.

Refer to the data governance handbook

</aside>

🎢 Privacy related risks