Step 5: Identify and assess risks
-
Due to the Data (Use and Access) Act coming into law on 19 June 2025, this guidance is under review and may be subject to change. The Plans for new and updated guidance page will tell you about which guidance will be updated and when this will happen.
Step 5: Identify and assess risks
We have carefully reviewed our processing and do not think that we carry out any activities that are likely to pose a significant risk to users. Specifically, we are satisfied, that the processing is not likely to give rise to any of the following harms:
- access to websites offering age-inappropriate content or activities;
- financial harm (eg advertising encouraging inappropriate or excessive spending online);
- grooming or abuse;
- inappropriate sharing of personal information, including via uploading content containing children’s personal data;
- access to inappropriate goods;
- discrimination (around price of products);
- harassment, bullying, loss of social standing leading to self-esteem and mental health issues;
- intrusion into private spaces and associated loss of privacy for the child;
- inaccessibility of services or discrimination due to a disability; or
- service lock-in ie unfair contractual terms.
Describe source of risk and nature of potential impact on individuals. Include as a minimum an assessment of particular risks to children as listed in the DPIA standard in the Children’s Code. You may need to consider separately for different age groups. |
Likelihood of harm Remote, possible or probable |
Severity of harm Minimal, significant or severe |
Overall risk
Low, medium or high |
---|---|---|---|
|
possible | significant | medium |
|
possible | minimal | low |
|
possible | minimal | low |
|
possible | minimal | low |
|
remote | minimal | low |