The United Kingdom’s Information Commissioner’s Office has launched a public consultation on how to create a toolkit to help organizations assess whether they have appropriate and effective internal data protection governance arrangements in place and to help them demonstrate their compliance with the General Data Protection Regulation (GDPR).
Per the GDPR accountability principle, data controllers must demonstrate their compliance through internal data protection measures and practices, such as:
- implementing data protection policies
- recording the processing
- taking a data protection by design and by default approach
- having written contracts in place with processors
- implementing appropriate security measures
- recording and, where necessary, reporting data breaches
- appointing a data protection officer
- establishing processes for handling data subjects’ rights requests
- carrying out data protection impact assessments
The ICO wants to hear from those who have responsibility for data protection and particularly about:
- current practices regarding accountability
- what might lead to improvements
- how the ICO can support companies
- what scope and structure may be most helpful