The Information Commissioner’s Office (ICO) has launched a new audit framework designed to help organisations assess their own compliance with key requirements of data protection law.
It said the framework enables public bodies and third sector organisations to identify necessary steps to improve their data protection practices and create a culture of compliance, and provides them with a starting point to evaluate how they handle and protect personal information.
It can be used by senior management, data protection officers, compliance auditors or those responsible for records management or cyber security, and provides practical tools for building and maintaining strong privacy management.
Nine toolkits cover accountability, records management, information and cyber security, training and awareness, data sharing, requests for data, personal data breach management, artificial intelligence and age-appropriate design.
Each toolkit has a downloadable data protection audit tracker that will help organisations conduct their own assessment of compliance, tracking actions that must be taken in areas needing improvement.
Building trust
Ian Hulme, ICO director of regulatory assurance, said: "Transparency and accountability in data protection are essential, not just for regulatory compliance but for building trust with the public. Research shows us that people increasingly value the responsible use of their personal information and want organisations to be able to demonstrate strong data protection practices.
“Our new audit framework will help build trust and encourage a positive data protection culture, as well as being flexible in targeting the most pressing areas of compliance. We want to empower organisations to embrace data protection as an asset, not just a legal requirement."