im looking to a part of Data Protection Impact Assessments report that inculde 3 section only
Consider how to consult with relevant stakeholders: describe when and how you will seek individuals’ views – or justify why it’s not appropriate to do so. Who else do you need to involve within your organisation? Do you need to ask your processors to assist? Do you plan to consult information security experts, or any other experts?
Describe compliance and proportionality measures, in particular: what is your lawful basis for processing? Does the processing actually achieve your purpose? Is there another way to achieve the same outcome? How will you prevent function creep? How will you ensure data quality and data minimisation? What information will you give individuals? How will you help to support their rights? What measures do you take to ensure processors comply? How do you safeguard any international transfers?
Describe source of risk and nature of potential impact on individuals. Include associated compliance and corporate risks as necessary.
Likelihood of harm : Remote, possible or probable
Severity of harm : Minimal, significant or severe
Overall risk: Low, medium or high
