The following Risk & Compliance guidance note provides comprehensive and up-to-date legal information covering:
A privacy risk register is a tool that allows you to collate, record, track and manage all your data protection, information security and privacy risk information in one place. This Practice Note guides you through the process of creating a privacy risk register. See Precedent: Privacy risk register.
To formulate an effective privacy risk register, you must first identify the risks your firm faces. You can do this by completing a risk assessment—see Precedent: Data protection risk assessment—long form or Data protection risk assessment—short form.
There is no established format for a risk assessment, but it would make sense to consider:
what personal data do you receive and/or hold?
how do you process data?
for what purposes do you process data?
do you transfer or share data and, if so, to whom and how?
how does data move within your organisation?
do you transfer data outside the EEA?
how do you ensure data remains accurate and up-to-date?
how long do you keep data?
how do you destroy data?
Precedent: Data protection risk assessment—long form guides you through the process of assessing your risks, using the above criteria. For each risk you identify in the risk assessment, you are given the option to:
record an action point to address the risk immediately—this would be suitable for simple risks