The UK’s Information Commissioner’s Office (“ICO”) published its Accountability Framework earlier this month, available here. The Accountability Framework is designed to assist companies in demonstrating compliance with their accountability obligation under the General Data Protection Regulation (“GDPR”) and in assessing whether their current measures meet the ICO’s expectations.
The Accountability Framework consists of ten categories where the ICO expects companies to be able to demonstrate compliance:
- Leadership and oversight;
- Training and awareness;
- Transparency;
- Contracts and data sharing;
- Records management and security;
- Policies and procedures;
- Individuals’ rights;
- Records of processing and lawful basis;
- Risks and data protection impact assessments; and
- Breach response and monitoring.