Identifying & assessing risks

A privacy risk register is designed to collate, record, track and manage all your data protection, information security and privacy risk information in one place—see Practice Note: How to formulate a privacy risk register and Precedent: Privacy risk register.

Identifying privacy risks—risk assessment

In order to formulate an effective privacy risk register, you must first identify the risks your organisation faces. You can do this by completing a risk assessment—see Precedents:

  1. Data protection risk assessment—long form

  2. Data protection risk assessment—short form

There is no established format for a risk assessment, but it would make sense to consider:

  1. what personal data do you receive and/or hold?

  2. how do you process data?

  3. for what purposes do you process data?

  4. do you transfer or share data—if so, to whom and how?

  5. how does data move within your organisation?

  6. do you transfer data outside the UK?

  7. how do you ensure data remains accurate and up to date?

  8. how long do you keep data?
