Self-Risk
Assessment Tool

Risk Assessment

Name of Company

Does your Company have a data inventory?
01

Are your Data Protection Policies easy to understand?
01

Do you carry out a DPIA everytime a change is introduced in the Orgaisation? i.e. New Policies, Processes, tools, etc.
01

Do you conduct regular Data Protection Risk Assessments?
01

Do you have a Process to deal with SARs and have your Employees been made aware of it?
01

Do your Employees receive regular Training on Data Protection?
01

Do you require your Employees to follow good Digital Practices? i.e. Regular Password Changes, 2 Factor Authentication, Ringfencing Important Data, etc.
01

Do you involve all you Employees in the Data Culture of your Workplace?
01

If a Data Breach occured would you know how to assess to determine the impact, and therefore know if it is reportable to the ICO?
01

If a Data Breach occurs, do you have a Post Event Process that you can use to Learn and Improve?
01

Your Data Risk Score

[cf7mls_step cf7mls_step-1 “Next” “”]

Potential Losses

What is your Annual Turnover?

Your current Number of Projects?

Your current Number of Clients?

Your Score from Part 1

The cost of a Fine from the ICO?

Value from Lost Clients?

Value from Lost Projects?

Cost of a Civil Suit(est. 10 day in court)?

Total Reputational Damage(Assuming it takes 3.2 years to recover)?

NB: Estimations are based on risk self-assessment and average values. These are all indicative numbers.[cf7mls_step cf7mls_step-2 “Back” “Next” “Step 2”]

Growth Inhibitors Tools

Number of Employees?

Maximum Number of Clients per Employee per Year?

Current Annual Turnover?

Current Annual Costs?

Cost of Investment in Data Protocols?

Your Score from Part 1

[cf7mls_step cf7mls_step-3 “Back” “Next” “Step 3”]Your Name

Your Email

Your Phone Number

Are you happy for us to contact you regarding these results?

[cf7mls_step cf7mls_step-4 “Back” “Step 4”]