In accordance with Recital of the GDPR, data controllers and processors should assess the risk of processing resources and implement measures to minimize this risk. Since no possible way of implementing this requirement was indicated, it has become one of the most serious challenges in the field of personal data protection.
The ODO method is based, among others, on Job Function Email List on the good practices of international ISO standards that have been operating for many years, including and , which was also encouraged by the Guidelines Gr. Art. , now replaced by the European Data Protection Board.
The result of the operation is a list of resources that exceed the defined acceptance threshold, . those that are least or insufficiently secured and that pose the greatest likelihood of a threat to the security of personal data processing. The product of the risk analysis is a risk management plan, which is part of the report, and includes alternative action scenarios.