An information asset register is a catalogue of the information held by an organisation; including storage location, retention periods, asset owners, internal and external data flows. It functions as a tool to help identify, manage and mitigate risk relating to these assets. Assigning ownership to assets ensures appropriate accountability, and a risk register should be implemented to define actions to take in response to the risk. The register must be continually under review to maintain its integrity, by identifying any new assets and removing expired ones.
Under the recommendations of the University wide GDPR Working Group, each University department is required to maintain an Information Asset Register. These are then collated and reviewed by the Information Compliance Unit. A template and guidelines on how to complete it are available on request.