A written risk assessment must be prepared for any processing of confidential and/or sensitive data, including personal data. The risk assessment must be carried out by the system owner or the person responsible for processing this type of data. A risk assessment is an objective assessment of the probability that an incident will take place as well as an assessment of the consequences.
If your data are Type A or Type B data, you always need to carry out a risk assessment.
Consider the risks and security measures by filling in the risk assessment template.