New data protection accountability framework

The ICO, the data protection regulator in the UK, has launched its accountability framework.

I agree it doesn’t sound that exciting, but bear with me as it could be a real help for you. The framework, which is similar in concept to the Charity Governance Code, is a checklist to help you demonstrate compliance with data protection law (GDPR, PECR, etc.).

It breaks down into categories for:

  • Leadership and oversight
  • Policies and procedures
  • Training and awareness
  • Individuals’ rights
  • Transparency
  • Records of processing and lawful basis
  • Contracts and data sharing
  • Risks and data protection impact assessments
  • Records management and security
  • Breach response and monitoring

and serves as a very helpful checklist. In fact, with the addition of a section on IT security, it is how I structure my data protection reviews.

You can try the framework self-assessment for yourself, or contact me to talk about my guided data protection review.