As the ICO closes its consultation on its new Accountability Framework this week, there has never been a better time to consider how you can demonstrate data protection accountability in your organisation. The EU General Data Protection Regulation makes it quite clear that it’s not enough just to adhere to the key principles for processing personal data; you also need to be able to show how you are meeting these principles.
But what does that mean in practice? Well, the ICO provides a list of areas where it feels organisations should be demonstrating accountability.
The ICO is currently actively contacting organisations that it believes are processing personal data but are not already registered on the ICO's register of fee payers. Every organisation or sole trader who processes personal information must pay a data protection fee to the ICO unless they are exempt. The potential consequence of not paying this fee or paying the wrong fee is a fine of up to £4,350.
The Northern Information Governance Forum (NIGF) will be welcoming Information Governance and IT professionals to its second event at Wigan Town Hall. This event, which has a particular focus on Accountability, will be held on the 30th January.
It will host speakers from leading organisations, including the Data Protection Officer from the Newcastle Building Society sharing his experience of implementing the GDPR’s accountability principle and the Information Governance Manager from Wigan Council speaking about making the best use of Social Media and the Internet, along with a series of breakout sessions to allow more in-depth discussion on different areas of accountability including:
The GDPR and the Data Protection Act 2018 require organisations to ensure staff are aware of their own and the organisation's responsibility in respect of data protection. Other regulatory organisations including PCI DSS, BSI and the FCA also mandate training and awareness for staff.
We believe that face-to-face training and awareness is highly effective as it provides staff with the opportunity to raise questions and discuss data protection issues relating to their organisation. It also establishes an ongoing relationship between our trainers and your staff should they wish to ask further questions post-training.