Monday, September 14, 2020
On September 9, 2020, the UK Information Commissioner’s Office (“ICO”) published an Accountability Framework, designed to assist organizations in complying with their accountability obligations under the EU General Data Protection Regulation (“GDPR”). The GDPR’s accountability principle requires that organizations both comply with their legal requirements under the GDPR, and also demonstrate their compliance. The ICO states that its Accountability Framework “supports the foundations of an effective privacy management programme.”
The ICO notes that its Accountability Framework is still in its “beta phase,” and that it will be improved over time following consultation with stakeholders. The structure of the Framework is based on 10 core aspects of the GDPR, namely: (1) leadership and oversight; (2) training and awareness; (3) transparency; (4) contracts and data sharing; (5) records management and security; (6) policies and procedures; (7) individuals’ rights; (8) records of processing and lawful basis; (9) risks and data protection impact assessments; and (10) breach response and monitoring. For each of the 10 core areas, the Framework identifies practical ways in which organizations can meet their compliance obligations.
The ICO also provides an accountability self-assessment tool as part of the Framework, which provides feedback on where organizations are or are not meeting expectations. This tool requires organizations to estimate their level of compliance across the 10 areas listed above, and then generates a report to assist organizations in identifying key areas of focus. The ICO explains that this report can be used as a tool to communicate current levels of compliance and areas for improvement to senior managers within the organization. In addition, organizations can use the ICO’s accountability tracker to measure how their accountability compliance progresses over time.
According to the ICO, the Accountability Framework will be of particular use to those responsible for implementing data privacy management programs, such as senior management, data protection officers and those responsible for records management and information security. The structure of the Framework is broad and flexible so that organizations may exercise judgment as to which of the articulated expectations are most relevant to their business. The ICO notes that the methods identified in the Framework for meeting its expectations of accountability are not exhaustive, and that organizations may meet these expectations in “slightly different or unique ways.”
Ian Hulme, the ICO’s Director of Regulatory Assurance, said: “Data protection compliance is not one size fits all. Our framework has been designed to help organisations to identify the exact steps and actions to improve their compliance. It should empower and enable you to embed accountability throughout your organisation. Successfully embedding accountability will enhance your reputation as a business that can be trusted with personal data. The public are increasingly demanding to be shown how their data is being used and how it’s being taken care of. They want to know that their personal data is in safe hands, and that you have put in place mechanisms to protect their information.”
Feedback may be submitted on the Framework before November 2, 2020. Organizations are also able to register to take part in future consultation.
Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved. National Law Review, Volume X, Number 258