A new audit framework has been launched by the Information Commissioner’s Office, to support compliance assessments for data protection.
Organisations across the public and third sectors will be empowered by the framework to establish the steps that must be taken to improve data protection practices, whilst also creating a culture of compliance. The framework will also give organisations a starting point to allow them to evaluate how they are handling and protecting personal data.
Practical tools are also on offer to help with the building and maintenance of strong privacy management, whether being used by senior management, data protection officers, compliance auditors, or those responsible for record management and cyber security. An extension of the ICO’s existing Accountability Framework, nine areas will be covered by the toolkits:
- Accountability
- Records management
- Information and cyber security
- Training and awareness
- Data sharing
- Requests for data
- Personal data breach management
- Artificial intelligence
- Age-appropriate design
As part of the toolkits, organisations will be able to download a data protection audit tracker, with this helping them to conduct their own assessments, whilst also tracking the steps that must be taken in areas requiring improvement.
Director of Regulatory Assurance at the ICO, Ian Hulme, said:
"Transparency and accountability in data protection are essential, not just for regulatory compliance but for building trust with the public. Research shows us that people increasingly value the responsible use of their personal information, and want organisations to be able to demonstrate strong data protection practices.
“Our new audit framework will help build trust and encourage a positive data protection culture, as well as being flexible in targeting the most pressing areas of compliance. We want to empower organisations to embrace data protection as an asset, not just a legal requirement."
Image credit: iStock
