Records Management

Data protection risk assessment toolkit

Toolkit to identify, assess and mitigate data protection risks in your area.


This document supports staff with management responsibilities, which include responsibility for data protection compliance. These staff include heads of college, heads of school and heads of section.


This document enables you to identify and assess data protection risks in your area, and provides guidance and advice on how to mitigate these risks.


This document applies to all information about people held by your area, regardless of the medium or location in which it is held. This includes paper files, spreadsheets, databases and information held on portable devices.

Data protection risk assessment toolkit

The data protection risk assessment toolkit comes in two parts. Use the data protection risk self-assessment checklist below, in conjunction with the table in the Excel spreadsheet. The checklist is available in both PDF and RTF format.

Why do I need to do this?

Protecting personal information is the responsibility of all University staff. A breach of the Data Protection Act 1998 can lead to the University being fined up to £500,000 or sued. It could also expose the University, its staff, students, research subjects and other members of the public to risks including fraud, identity theft and distress. This could cause significant reputational damage to the University, which would impact on a range of its interests, activities and relationships.

About this guidance

Version: 2

Date: August 2012

Author: Michael Gallagher