A risk mindset is needed across the entire organisation, one in which risk is identified, assessed, responded to and monitored. The context applied would consider physical, cyber, human resources and data sensitivity themes in order to be proactive about the risks of personal information misuse, breaches and non-compliance.
This is done by understanding risk, categorising risk, and carrying out risk assessments and audits on a regular basis.
Risk: Anything that will hinder or prevent your organisation from achieving its goals or purpose.
Risk Assessment: Evaluating, measuring, and prioritising likely relevant events or risks that may materially hinder or prevent your organisation from achieving its goals or purpose.
Managing risk is a continuous process.