Automated Risk Generation is now on Dapian

What is it?

This new development comes from some extensive research in making the identification of risks easier and simpler for general staff when producing their data protection impact assessments (DPIAs). This new feature comes as standard included as a part of a subscription to Dapian.

What does this newest feature do?

We’ve worked with Information Governance (IG) experts across the Public Sector, and created a bank of common data protection risks that are triggered based on answers users give in the DPIA forms to ensure they’re relevant to the project. For a non expert it’s easy to misunderstand the purpose of the production of risks and enter risks that are not relevant. Automated Risk Generation has been designed to point users in the right direction and lay down the core risk for them to build on.

The ability to add manual risks remains the same and risk format is consistent across automated and manual risks so DPIA documentation is uniform regardless of input method.

We have done some extensive research with our customers on the risks and information required and Dapian now enables the automatic creation of your list of risks. Also the ability to auto fill the information allows for far less oversight in risk management for your organisation, e.g: mitigating actions, review date.

Dapian screenshot

What automated risks do we include?

Our list of automated risks is fast growing and at time of writing this blog post the current list includes risks related to:

  • Theft (Internal or External)
  • Unauthorised Access (Internal/External, Accidental/Deliberate)
  • Error and Inaccuracy (Small or Widespread)
  • Deliberate Data Modification
  • Data Lost In Transit
  • Data Received by Wrong Recipient
  • Technical Failure
  • Risk that the project is not feasible/possible if data is not able to be accessed.
  • Risk that the marketing is unlawful
  • Risk that the data processing is not appropriate or necessary
  • Risk that the data subjects would not be happy with the intended processing and may lead to large numbers of complaints about the processing.
  • Failure to make sure that consent is as easy to withdraw as it was to provide.
  • Failure to identify who has the Data Controller or Data Processor roles as part of the data processing, leading to a breach of legislation.
  • Failure to satisfy the Common Law duty of Confidentiality for health and care purposes.

If you wanted to see more, our demo platform for Dapian has this latest version available to play with in that environment.

We look forward to developing Dapian even more as time goes on and sharing our findings with you all.

You can learn more and trial our software at by contacting us via the below button.