Public administrations in Switzerland are in the midst of a digital transformation. Topics such as cloud computing, big data and smart services not only offer new opportunities, but also bring with them various risks. As a result of digitalization, the topics of data protection and data security, as well as risk management, must be brought into focus so that an administration can protect its data as efficiently and effectively as possible. However, these topics are often neglected due to the rapid increase in digitalization projects, which can cause damage to an administration. In addition, the neglect of these topics is also intensified by the fact that digitalization in administrations is often driven forward by non-IT people, who often have little experience in the areas of data protection and data security. The aim of this work is to present relevant aspects of data protection and data security in an easy-to-use artifact, so that every project manager can check his personal project for possible weak points. The artifact helps project managers to become aware of possible violations or risks and to get assistance in dealing with them. Based on a standard risk management process, the findings from the literature were packaged into simple questions to be answered in a workflow by the project manager. In the end, the artifact provides a risk assessment for the data used in the project.