Data protection risk assessment—long form

The following Risk & Compliance precedent provides comprehensive and up-to-date legal information covering:

  • Data protection risk assessment—long form

    1 Background information

      Assessment for: [State whether the assessment relates to the whole firm or a specific department]
      Person conducting assessment: [insert name]
      Date of assessment: [insert date]

    2 What personal data do you receive and/or hold?

      Consider what personal data you receive and/or hold and any inherent risks.

      2.1 Review

        | Category of personal data | Data type | How is this received? | How is this stored? |
        |---|---|---|---|
        | [Client OR Customer OR names and addresses | Personal data | Telephone; Email; Website; In person; [Insert other] | On paper; IT system; Mobile devices; [Insert other] |
        | Client OR Customer OR orders and invoices | [Personal data OR special category personal data OR Mix of personal and special category personal data OR | As above | As above |
        | Employee data including HR files | Special category personal data | Telephone; Email; Intranet; In person; [Insert other, eg hard copy] | [State how you store HR files and whether HR data could be stored anywhere else, eg email folders, HR system] |
        | [Supplier lists | [Could be some personal data | [[If you keep a supplier list, where does the information come from?]] | [[State how you store supplier lists, eg on your intranet] |
        | Information in client relationship management (CRM) system | Personal data OR Special category personal data OR Mix of personal and special category personal data OR | [State how the information is received, eg by email from staff or directly uploaded by staff via intranet] | [State how you store CRM information, eg on a bespoke CRM system ]] |
        | Client OR Customer OR website preferences | | | |
