The Information Commissioner’s Office (ICO) has launched a new audit framework designed to help organisations comply with key requirements under data protection law.
The framework, an extension of the ICO’s existing Accountability Framework, empowers organisations to identify the steps necessary to improve their data protection practices. It is designed to be a ‘starting point’ for organisations to assess how they manage and protect personal information.
The new framework provides nine toolkits covering key areas that are likely to be reviewed during a data protection audit. These are:
– Accountability
– Records management
– Information and cyber-security
– Training and awareness
– Data sharing
– Requests for data
– Personal data breach management
– Artificial intelligence
– Age-appropriate design
Each toolkit contains downloadable data protection audit trackers that will help organisations conduct their own assessment of compliance. This will help them identify areas needing improvement, manage risks and ensure they are effectively complying with data protection law. The toolkits also contain a list of ways in which organisations can meet ICO expectations, and additional options to consider based on examples of good practice the ICO has seen during audits.
ICO Director of Regulatory Assurance, Ian Hulme, said: “Transparency and accountability in data protection are essential, not just for regulatory compliance but for building trust with the public. Research shows us that people increasingly value the responsible use of their personal information and want organisations to be able to demonstrate strong data protection practices.
“Our new audit framework will help build trust and encourage a positive data protection culture, as well as being flexible in targeting the most pressing areas of compliance. We want to empower organisations to embrace data protection as an asset, not just a legal requirement.”
The framework is suitable for large businesses and organisations in the public, private and third sectors, but it is not applicable to:
– Small businesses and organisations, usually classed as businesses with 50 or fewer employees. If your organisation falls under this bracket, you should use the resources on the ICO’s web hub.
– Organisations processing personal information subject to Part 4 of the Data Protection Act 2018, which covers data handling by UK intelligence agencies.
Barings Law solicitor and Head of Data Breach, Adnan Malik, said: “The new data protection audit framework is a helpful and useful resource for businesses ensuring they are aware of their responsibilities.
“As data processors and controllers, the framework clearly explains what a business needs to do to protect personal data. It will mean businesses have no excuses – they must ensure they know, and implement, the necessary steps to mitigate the risk of a breach.”
If you believe you are a victim of a data breach, you may be eligible to claim compensation from the company that failed to protect your personal information.
Barings Law has a team of legal experts who can help you make your claim and fight your corner, all on a no-win no-fee basis.