Automated Risk Assessment
Understand how Consenter evaluates privacy risks and configurations.
This work is licensed under CC BY-SA 4.0
The automated Risk Assessment provides the methodological basis for evaluating your website configuration - more specifically, the configuration of the technologies used to operate your website.
Goal of the risk assessment
As a key management tool within Consenter Manager, the Risk Assessment shows you how your specific website configuration affects
- the data protection risks for your website visitors,
- your legal compliance and
- your website visitors’ willingness to give consent.
Within the Consenter Manager, you can systematically assess, compare and optimise the data protection-related settings of your website technologies.
Legal grounding
The risk assessment methodology is based on Article 25 of the GDPR (data protection by design and data protection by default) and Article 35 of the GDPR (data protection impact assessment). Both provisions require an assessment of the risks to the rights and freedoms of data subjects.
The implementation of this risk assessment methodology is based on a research and development process spanning over ten years, carried out in collaboration with European research institutions and data protection authorities. It combines data protection risk assessments with considerations on technical feasibility and clear communication.
Assessed risk factors
The risk assessment takes into account, in particular:
- tracking methods used
- categories of personal data
- storage period
- storage location
- legal roles of third-party providers involved
- use and type of personalisation models
- purposes and specific nature of the processing
- context of data collection
Each selection option is assigned a weighted score. This weighting is based on its potential impact on fundamental rights such as privacy and informational self-determination, and is grounded in our research findings.
Role of third-party providers
Third-party technologies – such as Matomo or Google Analytics – are often central to the operation and further development of websites. However, different tools and configurations lead to different data protection implications. These depend, amongst other things, on the provider’s place of business, the data processed by default, and the respective purposes of processing.
Automated assessment in Consenter Manager
The assessment process is fully integrated into the Consenter Manager.
Each configuration change has an immediate impact on the calculated risk–benefit ratio, which is visualised in the Risk Benefit Wheel—a graphical representation of this ratio. This allows you to see in real time how your settings influence the data protection assessment.
Many risks arise from the interaction of multiple factors and only become significant once certain thresholds are reached. These interdependencies are also reflected in the Risk Benefit Wheel.
Risk configuration guides
For commonly used third-party technologies, we provide specific configuration guides. These typically include three levels of risk configurations:
- Low risk
- Medium risk
- High risk
These configurations span multiple settings and parameters. The guides give you a structured overview of the overall risk associated with different configuration options. When you implement your chosen settings in the Consenter Manager, the system automatically assigns the corresponding risk level to each individual option.
Shape Consenter Together
Consenter is built on an open and participatory process that grows through community collaboration. Whether you share feedback, improve the documentation, or contribute to the Risk Configuration Guides or Technical Integration Guides, your expertise helps make Consenter more privacy-friendly, interoperable, and useful for everyone, including your own users and services. Finally get your benefits and control the risks when sharing personal data.