8. Incorporating Privacy Risks into planning
Explain how the risks and solutions or mitigation actions will be incorporated into the project/business plan, and how they will be monitored. There must be a named official responsible for addressing and monitoring each risk.
|Risk||Ref||How risk will be incorporated into planning||Owner|
|Mismanagement by DWP staff – eg claimants who are not eligible for WFS are referred in error and therefore data shared inappropriately||DPA 06||Risk will be monitored by the DWP/ SG Joint Operational Performance Group||JCP Integration Team Leader|
|Personal data is mis-managed by WAS contracted providers||DPA 07||WAS Delivery Assurance Group||Service Delivery Team Leader|
|Personal data is mis-managed by SDS staff||DPA 08||Mitigation of Risk managed within SDS Data protection policy and precedures. WAS Delivery Assurance Group||SDS|
|General Data Protection Regulation – Fair Processing Notices do not meet new standard.||DPA 09||WAS Delivery Assurance Group||Service Delivery Team Leader|
|Transfer of referral form via clerical process introduces the risk of personal data being inappropriately shared||DPA 10||WAS Delivery Assurance Group||Service Delivery Team Leader|