The ICO exists to empower you through information.

Now that you have identified potential impacts on children’s rights you must assess the likelihood of these impacts occurring, and the magnitude of these impacts on children if they do. You can do this whichever way works best for your organisation, however we have created the self-assessment risk tool as a template to help.

Ways to think about recording risk:

For risks, the below matrix shows a simple and structured way to categorise overall risk levels based on consideration of likelihood and severity. This is taken from the ICO’s guidance on DPIAs.

For positive impacts, you can take a similar approach by considering likelihood of these impacts occurring alongside the extent of impact to arrive at an assessment of overall benefit.

Tools and further resources

Our self-assessment risk tool helps you to assess code-related risk levels within your organisation.

To understand regulatory standards for children’s wellbeing that you should refer to in order to conform with the code’s Detrimental use standard, see our guidance on common uses of children’s data in online services and relevant codes, regulations and guidance.

For further guidance on understanding risks associated with artificial intelligence, see our AI and data protection toolkit.