Introduction
Identifying Risks is the first step in your Data Protection journey.
Once you have identified your risks, create and manage your Data Protection/Privacy Programme to take action to treat or manage them.
Manage your Programme in 4 main ways
- Bridge Gaps
- Manage Risks
- Manage Policies
1. Bridge Gaps
Bridge gaps with the Action Plan.
Take action with Recommended Tasks, update your Compliance Status as 'Completed', add evidence, and watch your Overall Progress score improve!
2. Manage Risks
RISKS REGISTER
- Go to 'Settings' to update the configuration of your Risk Matrix to evaluate impact and probability.
- Input into the Register all the risks you have identified.
- Evaluate each risk in terms of the inherent impact and inherent probability
- View a summary of all risks and decide which to treat first
- Decide on and document risk treatment; click 'Read more' and Add Risk Treatment. You can also add tasks to make specific people accountable for effecting the risk treatment.
- Evaluate the risks and update the residual risk impact and probability that would remain if the risk treatment is put into effect
Add a New Risk
- Click the blue 'Add New' button
- Input into the Register all the risks you have identified. There is a 1-2-3 step flow to be used.
- Step 1 - Risk Summary
- Step 2 - Inherent Rating
- Step 3 - Residual Rating
- Step 1 - Risk Summary
- In the Risk Summary, update the following:
- The Description of the risk
- Target date when controls for the risk should be put in place
- Comments/Remarks (optional)
- Business Process - you can link the relevant process for which this risk is relevant
- Click the Submit button, or click on the link '>> Inherent Rating' to continue
- Step 2 - Inherent Rating
- Assess the Impact and Probability of the risk occurring, and select the values from the drop-down lists, which are drawn from the Risk Matrix
- To address the risk, add treatments to control it. Do this by clicking the New Treatment button and entering the treatment
- Step 3 - Residual Rating
- Determine the residual risk ratings and input them. These represent the residual risk that would remain after implementing the risk treatments to control the risk.
RISKS SUMMARY
- Click Risks Summary to view the graphical output of your Risks Register.
- You can also sort the risk scores to help you in your prioritisation.