Please note: This sample only shows part of the Data Protection Impact Assessment Tool
Personal Data As... (blank)
Risk Owner
Risk Level
(blank)
Calculated
Data Protection Impact Assessment Workbook To refresh chart data, click on “Refresh All” on the Data ribbon. RISK DESCRIPTION Ref Personal Data Risk Scenario Risk Asset Owner
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
PRE-TREATMENT Existing Likelihood Likelihood Controls Rationale
Impact Impact Rationale
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Select…
Risk Score
Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated
Risk Level
Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated
TREATMENT Treatment Treatment Option Action(s) Chosen Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select…
POST-TREATMENT Post-Treatment Post-Treatment Post-Treatment Post-Treatment Post-Treatment Post-Treatment Comments Likelihood Likelihood Impact Impact Risk Score Risk Level Rationale Rationale Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select…
Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select…
Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated
Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated
Data Protection Impact Assessment Dashboard
To refresh chart data, click on “Refresh All” on the Data ribbon.
Pre-treatment assessment Number of pre-treatment risks
Pre-treatment risk levels by risk owner
0
Low
20 18 16 14 12 10 8 6 4 2 0
Medium High
(blank) Calculated 20
Total
Classification of risk level
Risk profile diagram
The chart below shows the rating scheme used to determine risk level based on a combination of likelihood and impact.
The charts below show the spread of risk severities before and after risk treatment.
Pre-treatment
Post-treatment
MINOR 2
SIGNIFICANT 3
MAJOR 4
SEVERE 5
5
0
0
0
0
0
5
0
0
0
0
0
ALMOST CERTAIN 5
MEDIUM 5
MEDIUM 10
HIGH 15
HIGH 20
HIGH 25
4
0
0
0
0
0
4
0
0
0
0
0
LIKELY 4
LOW 4
MEDIUM 8
HIGH 12
HIGH 16
HIGH 20
3
0
0
0
0
0
3
0
0
0
0
0
MODERATE 3
LOW 3
MEDIUM 6
MEDIUM 9
HIGH 12
HIGH 15
2
0
0
0
0
0
2
0
0
0
0
0
UNLIKELY 2
LOW 2
LOW 4
MEDIUM 6
MEDIUM 8
MEDIUM 10
1
0
0
0
0
0
1
0
0
0
0
0
RARE 1
LOW 1
LOW 2
LOW 3
LOW 4
MEDIUM 5
1
2
3
4
5
1
2
3
4
5
Risk Likelihood
INSIGNIFICANT 1
Risk Likelihood
LIKELIHOOD: What are the chances of the risk event happening?
IMPACT: How major could the consequences be if the risk event happened?
Risk impact
Treatment options
Risk impact
Post-treatment assessment
Risks by treatment option chosen
Number of post-treatment risks
Number of risks by risk level pre and post treatment
Sel ect… 2
0
Low
Medium High
0 Pre-treatment
Low 0
Medium 0
High 0
Post-treatment
0
0
0
Likelihood The following table should be used to decide upon the most appropriate likelihood for a particular risk. LIKELIHOOD DESCRIPTION 1 2 3 4 5
Improbable Unlikely Likely Very Likely Almost certain
SUMMARY Has never happened before and there is no reason to think it is any more likely now There is a possibility that it could happen, but it probably won't On balance, the risk is more likely to happen than not It would be a surprise if the risk did not occur either based on past frequency or current circumstances Either already happens regularly or there is some reason to believe it is virtually imminent
Impact The following table should be used as guidance to help to decide upon the correct impact rating for a particular risk. IMPACT LEVEL
IMPACT AREAS
Rating Description Financial 1 2 3
Negligible Slight Moderate
No loss Less than £10 Up to £100
4
High
Up to £10,000
5
Very High
More than £10,000
Health and Safety
Impact on Reputation
Legal Impact
Other Potential Impacts
No harm Minor harm Significant, but non lifethreatening injuries Serious injury
No impact Slight embarrassment Local embarrassment
[Specify impact] [Specify impact] [Specify impact]
Potential for death
Reputation is ruined permanently
No impact Minor breach of law Significant illegality without prison or major fines Potential major prosecution with threat to liberty and high fine May lead to lengthy prison term or very large fines
Severe, but temporary damage to reputation
[Specify impact]
[Specify impact]