Toolkit to identify, assess and mitigate data protection risks in your area.
This document supports staff with management responsibilities (which includes responsibility for data protection compliance), including heads of college, heads of school and heads of section.
This document enables you to identify and assess data protection risks in your area, and provides guidance and advice on how to mitigate these risks.
This document applies to all information about people held by your area, regardless of the medium or location in which it is held. This includes paper files, spreadsheets, databases and information held on portable devices.
The data protection risk assessment toolkit comes in two parts. Use the data protection risk self-assessment checklist below, in conjunction with the table in the Excel spreadsheet. The checklist is available in both PDF and RTF format.
Protecting personal information is the responsibility of all University staff. A breach of the Data Protection Act 1998 can lead to the University being fined up to £500,000 or sued. It could also expose the University, its staff, students, research subjects and other members of the public to risks including fraud, identity theft and distress. This could cause significant reputational damage to the University, which would impact on a range of its interests, activities and relationships.
Date: August 2012
Author: Michael Gallagher