What will the ICO want to see?

What's needed for the ICO?

The Information Commissioner's Office's Regulatory Action Policy sets out its approach to enforcement and how it plans to use its powers under the legislation which falls under its remit.

It should make comforting reading for those businesses who take their obligations seriously and take steps to demonstrate compliance.

We have all seen those articles and consultants who talk only of fines under GDPR and claim even the slightest infringement will spell the end for businesses large and small.

It also sets out the kind of information the ICO would expect to see as part of any assessment notice if it decides to gauge a business's compliance with the Data Protection Act.

- Policies & Procedures
- Training material
- Frameworks
- Contracts 
- Privacy statements
- Privacy Impact Assessments 
- Management/control information 
- Physical and IT security measures
- Interviews with staff and contractors
- Records of processing activity

Ensuring you have sufficient documentation should anything go wrong is obviously a priority, but concentrating on that aspect misses one of the most valuable commercial opportunities, which comes from being able to validate that your privacy compliance efforts are robust.
