ICO, the data protection regulator in the UK, has launched its accountability framework.
I agree it doesn’t sound that exciting, but bear with me as it could be a real help for you. The framework, which is similar in concept to the Charity Governance Code, is a checklist to help you demonstrate compliance with data protection law (GDPR, PECR, etc.).
It breaks down into categories for:
- Leadership and oversight
- Policies and procedures
- Training and awareness
- Individuals’ rights
- Records of processing and lawful basis
- Contracts and data sharing
- Risks and data protection impact assessments
- Records management and security
- Breach response and monitoring
and serves as a very helpful checklist. In fact, with the addition of a section on IT security, it is how I structure my data protection reviews.