Log inherent risks, assign owners, define treatment plans, and re-score residual exposure. A regulator-ready audit trail from first identification to closure.
5×5 likelihood × impact grid. Click any cell to filter risks by that score combination. Color-coded by severity.
Dual-layer scoring: inherent risk before controls, residual risk after. Effective rating falls back to inherent when residual is not yet set.
Every risk can be tagged to a DPDPA obligation (S.5 Consent, S.8 Security, S.9 Children, S.11 Rights, etc.).
Assign a risk owner. Risks without owners appear in the CXO dashboard action queue.
Upload your existing risk register as a CSV. Field mapping supports standard risk register formats.
Risks past their target closure date are flagged in the KPI strip and table. Notifications are sent to risk owners.
Risk Register is available on Growth, Business, and Enterprise plans.
DPDPA S.8(1) requires Data Fiduciaries to implement 'reasonable security safeguards' to prevent personal data breaches. A risk register is the primary evidence that your organisation has systematically identified, assessed, and treated risks to personal data. Without a documented risk register, you cannot demonstrate reasonable security to the Data Protection Board during an inquiry.
DPDPA Shield's risk register supports mapping to all major DPDPA obligation sections: S.5 (Consent), S.6 (Notice), S.8 (Security safeguards), S.9 (Children's data), S.10 (SDF obligations), S.11 (Rights requests), S.12 (Erasure), S.13 (Grievance), and S.14 (Nomination). The obligation field is used in the Regulatory Obligation Breakdown chart.
Inherent risk is the risk level before any controls are applied — your baseline exposure. Residual risk is the remaining risk after your mitigating controls are in place. The gap between inherent and residual score shows the effectiveness of your control environment. DPDPA Shield tracks both and displays the effective rating (falling back to inherent when residual is not yet assessed).
Risk Register is available on Growth, Business, and Enterprise plans. Starter plan users can view existing risks but cannot create or modify risk entries. Upgrading to Growth unlocks full read/write access.
Growth plan includes full risk register access. Upgrade from Starter in one click.
Prove every consent. Court-admissible SHA-256 proof.
OTP-verified portal. 30-day SLA countdown.
Never miss the 72-hour Board notification window.
Real-time 0–100 compliance health score.
Map every asset, processor, and data flow. Auto-generate RoPA.
Automated security scoring for every data processor. Growth+.
AI-curated DPDPA updates. Never miss an enforcement signal.
Children's data, DPIA, SDF — highest-penalty coverage.