I keep going back to this resource, as it has a good set of examples for privacy risks.
But it also has a long catalog of technical and organizational measures (TOM).
Very interesting , also as it’s public and both, the Data Protection Impact Assessment and the Privacy Notice complement each other.
This is one of my favorite documents that I refer to on a day to day basis.
Nice list of privacy risks and severity examples.