
Regulator launches new tools to help with data protection compliance

“This looks to be a really helpful new resource from the Information Commissioner’s Office to guide organisations when they’re thinking about their data protection compliance measures. The way that the individual toolkits are structured means that the different topics are easily accessible. While the toolkits are a starting point and not exhaustive, the artificial intelligence toolkit in particular provides some valuable pointers while we wait for an updated version of the ICO’s AI and data protection guidance”.

- Nick Stubbs, Partner, Commercial

The ICO recently launched a new data protection audit framework to help organisations assess their own data protection compliance. In this article we’ll be looking at:

  • Who the new framework is aimed at
  • What tools are available
  • Practical advice
  • How we can support you

Who is the new framework aimed at?

The ICO explains that the framework is suitable for large businesses and organisations in the public, private and third sectors. It’s not directly applicable to small businesses and organisations, or to those involved in intelligence services processing.

The framework is designed to be used by those individuals who already have some familiarity with data protection law and are responsible for data protection compliance in their organisation. Examples include senior management, data protection officers, internal compliance auditors, or those responsible for records management or information security.

What tools are available?

There are nine separate toolkits covering the following areas, which the ICO looks at when it conducts its own audits:

  • Accountability
  • Records management
  • Information and cybersecurity
  • Training and awareness
  • Data sharing
  • Requests for data
  • Personal data breach management
  • Artificial intelligence
  • Age appropriate design

Each toolkit is then divided into different topics relevant to that particular area. Under each of these the ICO sets out:

  • “Control measures”: Examples of measures that an organisation should have in place to manage identified risks and ensure effective compliance with data protection law
  • A list of ways to meet the ICO’s expectations for that control measure; and/or
  • Other options to consider.

Practical advice

The ICO suggests starting off with the Accountability toolkit which supports the foundations of an effective privacy management programme. The other toolkits follow on from there, covering other areas in more detail. It’s made clear that there’s no one-size-fits-all approach – you need to think about what happens in your own organisation. What are you doing with personal information to manage the risks appropriately? The framework is described as a useful starting point and it’s not exhaustive. So it’s important that you use it in conjunction with other available materials and guidance.

Data protection compliance: How we can support you

Data protection compliance is a key concern for all businesses, even more so against a backdrop of increasingly sophisticated cyberattacks and the rise of AI and other emerging tech. Our Regulatory & Compliance and Technology & Digital experts are at the forefront of recent developments.

Please contact Nick Stubbs or Andrew Northage if you need help with any aspect of your data protection compliance or wider issues around cybersecurity or the use of AI.
