Data protection risk management guide

The following Risk & Compliance guidance note provides comprehensive and up-to-date legal information covering:

  • Data protection risk management guide
  • Why you need to manage this risk
  • Top five priorities
  • 1. Responsibility and accountability
  • 2. Know your data
  • 3. Data breaches
  • 4. Complying with the GDPR
  • 5. Developing a culture of privacy by design

Why you need to manage this risk

Data protection is one of the most challenging areas of risk management—the law is complex and wide-ranging, operates at domestic, EU and international levels, is in a constant state of flux and is subject to several ongoing legal challenges.

Failing to comply with data protection requirements under the EU General Data Protection Regulation (GDPR) can expose an organisation to serious reputational damage, claims by aggrieved data subjects and fines up to €20m or up to 4% of the total worldwide annual turnover.

Top five priorities

The table below identifies five key priorities for data protection risk management and gives the heads-up on why each one is a priority area.

Each priority is then explained in further detail in the main body of this Risk management guide, including a series of mini action lists that:

  1. suggest action points for each priority area

  2. encourage you to record your level of compliance against each action point, and

  3. signpost relevant Precedents in LexisNexis

Priority area | Why is this a priority?
1. Responsibility and accountability | You cannot expect to implement effective data protection systems unless there is clarity about who is responsible and accountable.