GDPR-FORM-07-1 Data Protection Impact Assessment Tool

Page 1

Please note: This sample only shows part of the Data Protection Impact Assessment tool.

DataProtectionImpactAssessmentWorkbook

Torefreshchartdata,clickon“RefreshAll”ontheDataribbon.

Ref PersonalData Asset RiskScenario Risk Owner Existing Controls Likelihood Likelihood Rationale Impact Impact Rationale RiskScore RiskLevel Treatment Option Chosen Treatment Action(s) Post-Treatment Likelihood Post-Treatment Likelihood Rationale Post-Treatment Impact Post-Treatment Impact Rationale Post-Treatment RiskScore Post-Treatment RiskLevel Comments 1 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 2 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 3 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 4 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 5 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 6 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 7 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 8 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 9 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 10 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 11 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 12 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 13 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 14 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 15 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 16 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 17 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 18 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 19 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated 20 Select… Select… Calculated Calculated Select… Select… Select… Calculated Calculated RISKDESCRIPTION PRE-TREATMENT TREATMENT POST-TREATMENT PersonalDataAs... (blank) RiskOwner (blank) RiskLevel Calculated

Dataprotectionimpactassessmentdashboard

Torefreshchartdata,clickon“RefreshAll”ontheDataribbon.

Thechartbelowshowstheratingschemeusedtodeterminerisklevelbasedonacombinationoflikelihoodandimpact.

Thechartsbelowshowthespreadofriskseveritiesbeforeandafterrisktreatment.

Pre-treatmentassessment Classificationofrisklevel Riskprofilediagram
Pre-treatment Post-treatment INSIGNIFICANT 1 MINOR 2 SIGNIFICANT 3 MAJOR 4 SEVERE 5 5 0 0 0 0 0 5 0 0 0 0 0 ALMOST CERTAIN 5 MEDIUM 5 MEDIUM 10 HIGH 15 HIGH 20 HIGH 25 4 0 0 0 0 0 4 0 0 0 0 0 LIKELY 4 LOW 4 MEDIUM 8 HIGH 12 HIGH 16 HIGH 20 3 0 0 0 0 0 3 0 0 0 0 0 MODERATE 3 LOW 3 MEDIUM 6 MEDIUM 9 HIGH 12 HIGH 15 2 0 0 0 0 0 2 0 0 0 0 0 UNLIKELY 2 LOW 2 LOW 4 MEDIUM 6 MEDIUM 8 MEDIUM 10 1 0 0 0 0 0 1 0 0 0 0 0 RARE 1 LOW 1 LOW 2 LOW 3 LOW 4 MEDIUM 5 1 2 3 4 5 1 2 3 4 5 Treatmentoptions Post-treatmentassessment Riskimpact LIKELIHOOD: What are the chances of the risk event happening? IMPACT:Howmajorcouldtheconsequencesbeiftheriskeventhappened? Risk Likelihood Risk Likelihood Riskimpact 0 Numberofpre-treatmentrisks Low Medium High 0 2 4 6 8 10 12 14 16 18 20 (blank) Calculated Total 20 Pre-treatmentrisklevelsbyriskowner Risksbytreatmentoptionchosen Select… 0 Numberofpost-treatmentrisks Low Medium High 0 2 Low Medium High Pre-treatment 0 0 0 Post-treatment 0 0 0 Numberofrisksbyrisklevelpreandposttreatment

Likelihood

The following table should be used to decide upon the most appropriate likelihood for a particular risk.

LIKELIHOOD DESCRIPTION SUMMARY

1 Improbable Has never happened before and there is no reason to think it is any more likely now

2 Unlikely There is a possibility that it could happen, but it probably won't

3 Likely On balance, the risk is more likely to happen than not

4 Very Likely It would be a surprise if the risk did not occur either based on past frequency or current circumstances

5 Almost certain Either already happens regularly or there is some reason to believe it is virtually imminent

Impact

The following table should be used as guidance to help to decide upon the correct impact rating for a particular risk. Impacts relate to the rights and freedoms of the data subject.

IMPACT LEVEL IMPACT AREAS

2

3 Moderate Up to £100 Significant, but non lifethreatening injuries or mental health impact

4 High Up to £10,000 Serious injury and/or lifechanging mental impact Severe, but temporary damage to reputation Potential major prosecution with threat to liberty and high fine

5 Very High More than £10,000 Potential for death or serious selfharm due to mental health consequences

[Describe impact at each level]

Reputation is ruined permanently May lead to lengthy prison term or very large fines [Describe impact at each level]

Rating Description Financial Health and Safety Impact on Reputation Legal Impact Other Potential Impacts [State impact area]
Negligible No loss No harm No impact No impact [Describe impact at each level]
1
£10 Minor
Slight embarrassment Minor breach of law [Describe impact at each level]
Slight Less than
harm
Local
Significant
fines [Describe impact at each level]
embarrassment
illegality without prison or major

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.