Privacy Risk Assessment Template

Use this Privacy Risk Assessment Template to assess the privacy risks associated with a business area's handling of personal information (PI): notice and individual rights, onward transfers, security, and data integrity. Record a response for each item, with supporting evidence (a photo or comment) where relevant.

General Inspection

1. Has your business area provided notice to each individual where notice is required by law, local regulation, or company policy?

2. Does the notice state the purpose for which the information is collected and used?

3. Does the notice explain how individuals can contact the company with concerns, questions, or issues?

4. Does the notice identify the types of third parties to whom the information is disclosed?

5. Does the notice explain how the organization limits its use and disclosure of the information?

6. Does the business area have documented procedures or processes for handling requests from individuals for access to, copies of, corrections to, or removal of their personal information?

Onward Transfer

1. Do third parties process or manage personal information on behalf of the business area?

2. Does the business area maintain an inventory of where personal information is collected, stored, processed, or managed?

3. If yes, does this inventory document what is collected, stored, and processed?

4. Is any of this data transferred to another organization or entity?

5. If PI is transferred, indicate each type of control used to protect the PI in transit.

6. When data is transferred between a company entity and an external organization, is there a documented agreement in place requiring the external organization to comply with the company's privacy expectations?

Security

1. Does the business area have control procedures (SOPs, access requirements, periodic reviews, etc.) in place that limit access to PI to those company agents (employees, contractors, vendors, alliance partners, etc.) with a business need for it?

2. Can the business area produce a list of all individuals with access to PI, whether held electronically, in hard copy, or in any other form?

3. How often is system access reviewed and individual access rights updated?

4. Which of the following controls do you use when transferring PI? (SOPs, access control lists, periodic reviews of access control lists, secure email, virtual private networks (VPNs), file-based encryption, secure dedicated-line transfer)

5. What security measures does the business area routinely use to physically protect PI?

6. Does the business area follow the company's privacy guidance when collecting, storing, or processing PI in electronic, audio, visual, or print media?

Data Integrity

1. Does your business area comply with the Global Records Retention Schedule with regard to PI and sensitive personal information (SPI)?

2. Do you routinely assess, review, or monitor your affiliate or business area to determine whether the PI collected, stored, or processed is necessary to meet the stated business objectives?

3. Are privacy stewards aware that they must report unauthorized PI disclosures (for example, lost backup tapes containing PI) to the Global Privacy Office or the Chief Privacy Officer?

4. Enforcement: Has management actively informed employees of their responsibility, except where prohibited by law, to report actual or suspected privacy incidents?


Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.