Create a risk assessment (GBU): Practical guide

Risk assessment (GBU): Everything you need to know

What is a risk assessment and why is it mandatory for organisations?
Whether in the office, warehouse, field service or home office - every job entails specific risks. The risk assessment helps to systematically recognise and evaluate these risks and derive effective protective measures. In this article, you will learn step by step how to implement the risk assessment in a legally compliant and practical manner, which legal requirements apply and how digital tools can support you in doing so.

Most important information on risk assessment (GBU)

  • According to Section 5 of the Occupational Health and Safety Act, the GBU is a legal obligation for all employers, regardless of industry or organisation size.
  • The purpose of the risk assessment is to identify and assess health hazards in the workplace and define effective protective measures.
  • For more than 10 employees, there is a documentation obligation for the GBU, in written or digital form.
  • Changes in the workplace, new hazards or incidents require a review and regular adjustment of the GBU.
  • Employees often know the risks best, and their perspective is essential for a realistic assessment. For this reason, the involvement of employees is of central importance.
  • Software solutions simplify implementation, documentation and repetition of the GBU, especially in growing companies.

What is a risk assessment (GBU)?

Risk assessment is the foundation of modern occupational health and safety. It is a structured process that serves to systematically identify and analyse potential hazards in the workplace and take appropriate protective measures. The aim is to prevent accidents, work-related illnesses and long-term damage to health - and this applies to every sector, from industry to traditional office jobs.

Imagine walking through an office blindfolded - you don't know where cables are lying around, whether the office chair is safe or whether the monitor is set up incorrectly. It is precisely these "blind spots" that the risk assessment uncovers. It creates transparency about risks before they become a problem.

Whether it's poor ergonomic posture at a computer workstation, mental stress caused by high deadline pressure or dangerous corners in the warehouse: a professional risk assessment gives employers the chance to take countermeasures in good time. It is therefore not only a legal requirement, but also a real game changer for safe and healthy working conditions.

Legal background: The Occupational Health and Safety Act

Meaning in the Occupational Health and Safety Act

Risk assessment is enshrined in the German Occupational Health and Safety Act (§ 5 ArbSchG) and is one of the central obligations for employers. It states: "The employer must assess the working conditions and take protective measures on this basis." This obligation is non-negotiable - it is part of the company's responsibility towards its employees.

And that's a good thing. Because the law ensures that companies don't just act when something happens, but ensure safe workplaces in advance. The risk assessment is therefore a preventative tool with enormous potential.

Legal obligations for employers

Every employer - regardless of size or sector - is obliged to carry out a risk assessment. In doing so, they must not simply implement generalised measures, but must take into account the specific circumstances on site. The following also applies:

  • The assessment must be documented if more than ten employees are employed.
  • It must be updated regularly, especially in the event of changes in the work process.
  • Employees must be informed about hazards and protective measures in a suitable manner.

Anyone who ignores these requirements risks not only fines, but also serious liability consequences - especially in the event of accidents at work.

Workplace risk assessment: Why is it important?

A risk assessment is far more than just an annoying compulsory exercise. It is the key to sustainable safety and health protection in the company. It helps to recognise potential risks at an early stage - i.e. before they turn into costly problems.

Especially in times of skills shortages, increasing workloads and growing digitalisation, it is essential to regularly review working conditions. After all, only healthy and motivated employees are productive and remain loyal to the company in the long term.

The most common risks uncovered by a risk assessment include:

  • Ergonomic risks: Incorrect sitting postures, desks that are not height-adjustable or poor lighting conditions.
  • Mental stress: Stress, excessive demands or social conflicts within the team.
  • Physical hazards: Noise, heat or dangerous machinery.
  • Chemical loads: Pollutants, cleaning agents or solvents.

The result of a risk assessment is therefore not just a list of sources of danger, but an action plan that protects health, optimises processes and even increases employee satisfaction.

Create a risk assessment: Steps to the GBU

Before the actual risk analysis can begin, solid preparation is required. This means collecting information, understanding the workplace and involving the people concerned. This includes, for example:

  • Carry out site inspections
  • Conduct interviews with employees
  • Analyse accident statistics and health data
  • Check hazard catalogues and legal requirements

This step is essential in order to obtain a realistic picture of the risk situation - not only from the point of view of managers, but above all from the perspective of the employees themselves. Only then can specific hazards be identified. Checklists, guidelines or even external occupational safety experts can help with this. It is important not to overlook any source of danger - even seemingly small things such as a lack of break rooms or telephones that are too loud can become a problem in the long term.

Create a risk assessment (GBU): Practical guide

1. Define work areas and activities:

  • Target: All areas and activities in the organisation are systematically recorded.
  • Why: This is the only way to identify all potential hazards.
  • Example: Production, office, warehouse, cleaning, etc.
  • Identify hazards:
    • Target: All possible sources of danger are identified.
    • Why: In order to be able to take targeted measures to minimise risk.
    • Examples: Tripping hazards, noise, chemicals, heat, mental stress.

2. Assess hazards:

  • Target: The severity and probability of a hazard are assessed.
  • Why: To determine the urgency of measures.
  • Example: A high risk of falling when working at great heights is rated higher than a low risk of tripping.

3. Define measures:

  • Target: Specific measures to avoid or minimise the risks are defined.
  • Why: To increase safety in the workplace.
  • Examples: Protective clothing, barriers, technical modifications, training.

4. Implement measures:

  • Target: The defined measures are implemented.
  • Why: To ensure the effectiveness of the measures.
  • Example: Installation of handrails, provision of safety goggles.

5. Check effectiveness:

  • Target: It is checked whether the measures are successful and have reduced the risks.
  • Why: In order to be able to make adjustments if necessary.
  • Example: Regular inspections, employee surveys.

6. Update the risk assessment:

  • Target: Risk assessment is a dynamic process and must be updated regularly.
  • Why: Changes in work processes, new technologies or legal requirements require an adjustment of the assessment.
  • Example: Introduction of new machines, changes to work processes.

Risk assessment example: Office workplace

Typical dangers in the office

At first glance, the office workplace seems harmless - but there are numerous risks lurking here too. Many of them are insidious and only become noticeable over a longer period of time. Typical dangers are:

  • Ergonomic strain due to unsuitable office chairs or incorrectly adjusted monitors
  • Eye strain due to poor lighting or reflections on the screen
  • Mental overload due to permanent availability, multitasking or unclear work instructions
  • Fire hazard due to overloaded sockets or improper handling of electrical appliances

Create a risk assessment: Practical tips

Creating a risk assessment can seem complicated at first glance, but with a structured approach, every company can succeed. It is important to proceed step by step and not to take any shortcuts.

Tip 1: Employee participation
Nobody knows the day-to-day risks better than the employees themselves. They should be actively involved in the process - e.g. through workshops, questionnaires or inspections with the safety officer.

Tip 2: Use checklists
There are numerous templates and industry-specific checklists that provide initial guidance. They help to ensure that no source of danger is overlooked and to maintain an overview.

Tip 3: Consult external expertise
Occupational health and safety specialists or company doctors have the necessary expertise to assess even complex hazardous situations. Collaboration with experts is particularly worthwhile in small and medium-sized companies.

Tip 4: Prioritise risks
Not every risk is equally critical. Risks should therefore be prioritised according to their probability of occurrence and severity of damage. This allows measures to be implemented in a more targeted and cost-effective manner.

Your path to implementing a digital risk assessment

Implement your risk assessment digitally with Robin Data ComplianceOS®. Systematically record and evaluate risks at the same time and document appropriate measures. This not only saves you time, but also ensures compliance with legal requirements. Invest in a reliable software solution and strengthen occupational health and safety in your organisation in the long term.

Risk assessment according to workplace type

Risk assessment in the warehouse
Warehouse workplaces harbour specific risks: heavy loads, traffic routes with forklift trucks, slip hazards or poor lighting. Physical hazards in particular must be analysed in detail. Important measures include:

  • Training in safe lifting and carrying
  • Labelling of walkways
  • Regular maintenance of racking and lifting equipment
  • Wear safety shoes and high-visibility waistcoats

Risk assessment in field service
Field staff are often travelling alone, driving long distances and working in changing environments. The risk assessment must therefore include mobility, working alone and possible mental stress. Measures can include:

  • GPS tracking for localisation in emergencies
  • Training on de-escalation and self-protection
  • Fixed rest periods and working time regulations

Risk assessment in the home office
Since the pandemic, working from home has become an integral part of many working models - but people often forget that a risk assessment is also mandatory here. This primarily involves ergonomic, psychological and technical risks:

  • Provision of ergonomic work equipment
  • Clear regulation of working hours and breaks
  • Security of the IT infrastructure (e.g. VPN, password protection)

Who is responsible for the risk assessment?

The responsibility for the risk assessment clearly lies with the employer. They must ensure that all legal requirements are met - regardless of whether they delegate tasks or use external service providers.

However, safety officers, managers or occupational safety specialists can take on the day-to-day implementation. It is only important that they have the necessary knowledge and that responsibility is clearly regulated.

Employees also share responsibility - they must actively participate, report hazards and comply with protective measures. A safe workplace is teamwork!

Risk assessment software: Digital tools to support the creation of the GBU

Digitalisation also offers many advantages in occupational safety. There are now numerous software solutions and online tools that support companies in creating and maintaining their risk assessments. The advantages are:

  • Time-saving templates and checklists
  • Automatic reminder for checks
  • Centralised documentation and archiving
  • Integration of mobile devices for on-site inspections

Documentation of the risk assessment

Documenting the risk assessment is not just a formal act, but also legally required proof that the employer has fulfilled its occupational health and safety obligations. According to Section 6 of the German Occupational Health and Safety Act (ArbSchG), all results and measures must be recorded in writing or digitally - especially if there are more than ten employees in the company.

What needs to be documented?

Complete documentation includes:

  • Date of the risk assessment
  • Description of work areas and activities
  • Identified hazards
  • Assessed risks
  • Protective measures taken
  • Responsible persons
  • Date for the next review

It is not enough to make general statements - the documentation must be specific, comprehensible and verifiable for third parties. Documentation can be crucial, especially in the event of inspections by the employers' liability insurance association or in the event of an accident at work.

Forms of documentation

The GBU can be kept in traditional paper form, but more and more companies are turning to digital solutions. These offer:

  • Easier updating
  • Centralised access for managers
  • Automatic reminders for inspections
  • Better archiving and search function

Important: Digital documentation must also be kept in compliance with data protection regulations, especially if it contains personal data.

Repetition and updating of the assessment

A risk assessment is not a one-off process. It must be regularly reviewed and adapted - because working conditions, technologies and legal requirements are constantly changing. The responsibility for this remains with the employer.

When does it need to be updated?

A new assessment or revision of the existing GBU is required for:

  • Changes in the work process (e.g. new machines, new software, reorganisations)
  • Accidents or near-accidents
  • New scientific findings or legal changes
  • Introduction of new substances or activities
  • Structural changes to the workplace

How often does it make sense to check?

Even without specific changes, it is advisable to review the GBU regularly - e.g. annually or every two years. A fixed deadline is not defined in the law, but industry standards and recommendations from employers' liability insurance associations provide helpful guidance.

Continuity is the key: a regularly updated risk assessment shows that occupational health and safety is taken seriously and demonstrably improves the level of safety in the company.

Mistakes that should be avoided in the risk assessment

Even if many companies carry out the GBU as required, mistakes often creep in - whether due to ignorance, time pressure or a lack of resources. These errors can have serious consequences in an emergency.

Frequent stumbling blocks:

  • Incomplete analysis: Only obvious dangers are recorded, while psychological or long-term risks are overlooked.
  • No employee involvement: Employees are not consulted or are only involved superficially - although they often have the best insight.
  • Unclear responsibilities: It is not specified who is responsible for which protective measures.
  • Missing or outdated documentation: Old versions are not updated or there is no complete traceability.
  • No control of the measures: Although measures are defined, their implementation is not monitored.

How to avoid mistakes:

  • Plan enough time and resources.
  • Use checklists and digital tools.
  • Train managers and safety officers.
  • Keep communication with employees open.
  • Carry out regular audits.

A thorough GBU is not a bureaucratic obstacle - it is an active contribution to a better, safer and more efficient workplace.

FAQs Risk assessment

GBU stands for "risk assessment" and describes the systematic recording and evaluation of hazards in the workplace.

Yes, every organisation - regardless of size or sector - is obliged to carry out a GBU in accordance with the Occupational Health and Safety Act.

Always when there are significant changes in the workplace or at least every one to two years.

Yes, many employers' liability insurance associations and occupational health and safety portals offer free checklists and sample documents. Software solutions also provide templates for the GBU.

Digital GBU tools enable automated reminders, legally compliant templates and centralised documentation. In contrast to static Excel lists, software is clearer, audit-proof and team-capable - ideal for dynamic working environments or multiple locations.

Conclusion: Digital risk assessment is the new standard in occupational health and safety

The risk assessment - or GBU for short - is a key tool in occupational health and safety. It not only protects the health of employees, but is also a strategic element of successful company management. Whether office, warehouse, field service or home office - every activity entails its own risks that need to be identified, assessed and minimised.

The effort pays off in many ways: organisations benefit from legal certainty, fewer absences, motivated employees and a strong employer image. Modern software and online courses make implementation easier than ever. However, those who are still doing it with pen, paper and Excel lists are losing not only time, but also quality. Modern occupational health and safety needs digital support - and this is exactly where professional risk assessment software solutions come into play.

Whether automatic reminders, centralised documentation, legally compliant templates or mobile inspection logs: with the right software, hazards can be identified more quickly, measures can be implemented more efficiently and legal requirements can be better fulfilled. Especially in dynamic working environments where processes, teams and technologies are constantly changing, a digital GBU solution offers the necessary flexibility and up-to-dateness.

In short, if you want to make occupational health and safety fit for the future today, there is no way around digital tools. A software-supported risk assessment is not only smarter - it is safer, more transparent and significantly less time-consuming. Embrace the digital transformation in occupational safety and make your company fit for the future.

Those who see the GBU as an opportunity - and not an obligation - are laying the foundations for sustainable corporate success.

Caroline Schwabe