Data Protection Resources

A selection of how-to guides and practical information designed to help organisations manage their privacy and data protection operations. Here you will find a mix of in-house developed resources for Data Protection Officers (DPOs) and GDPR Training Paths, combined with quick links to relevant legislation, the UK Information Commissioner's Office (ICO), European Data Protection Authorities, and a selection of industry bodies. This is a BETA release that will be developed over time to increase functionality.

Data Protection Officers Resource

The data protection officer (DPO) role is not new. However, under both the EU and UK versions of the General Data Protection Regulation (GDPR), the DPO has become a legally appointed position applying to the public sector and most businesses. This in-house developed resource provides a comprehensive assessment of the role of the DPO, how it evolved, what the position entails, and information about the criteria for making an appointment. There is also a section dedicated to businesses who choose not to assign a DPO.

DATA PROTECTION
OFFICERS

A definitive guide

Find out more

GDPR TRAINING PATHS

This in-house guide answers several questions about how to implement a comprehensive employee data protection learning and development programme. Part one looks at the advantages of de-centralised training when leveraging privacy champions and technologists in key roles throughout the organisation. Part two addresses the benefits of choosing recognised certified training qualifications for privacy professionals.

Part 1 - Prioritising Privacy

Part 2 - How to Choose a GDPR Certification

INFORMATION RIGHTS LEGISLATION

The term Information Rights relates to two specific areas of UK and EU law. It covers legislation governing how organisations handle personal information about us. It also covers the laws and practices that give us rights to access official information, often held by public bodies. The following section contains links to the Information Rights laws and regulations that apply to organisations operating in the UK.

EU General Data Protection Regulation (2016)

UK General Data Protection Regulation (Keeling Schedule GDPR)

Data Protection Act (2018) (Prior to 1st Jan 2021)

Data Protection Act (2018) (Keeling Schedule DPA18)

EU Privacy and Electronic Communications Directive (2002) (ePrivacy Directive)

Privacy and Electronic Communications (EC Directive) Regulations (2003)

Privacy and Electronic Communications (EC Directive) Regulations (2003) (Keeling Schedule PECR)

Data Protection, Privacy and Electronic Communications (Amendments Etc.) (EU Exit) Regulations 2019

The Network and Information Systems Regulations (2018)

UK Freedom of Information Act (2000)

Environmental Information Regulations (2004)

Freedom of Information (Scotland) Act (2002)

Environmental Information (Scotland) Regulations (2004)

Re-use of Public Sector Information Regulations (2015)

Section 45 Code of Practice Freedom of Information

Section 46 Code of Practice on Records Management

INSPIRE Regulations (2009)

UK INFORMATION COMMISSIONER’S OFFICE

The Information Commissioner's Office (ICO) is the UK's Supervisory Authority (SA) and the independent regulator responsible for upholding Information Rights. The ICO is a non-departmental public body sponsored by the Department for Digital, Culture, Media and Sport (DCMS). The following section contains several links to the ICO's website that will be helpful to organisations. A separate link is also provided to the Scottish Information Commissioner covering FOI and EIR.

Information Commissioner's Office (ICO)

EU DATA PROTECTION AUTHORITIES

Although the UK has now left the European Union, many businesses still have to abide by EU rules where they continue to trade in goods or services with the EU. The following section contains links to data protection webpages for a number of EU institutions and regulators.

European Commission Data Protection (central hub)

European Commission Data protection in the EU (summary)

European Data Protection Supervisor (EDPS)

European Data Protection Board (EDPB)

EDPB news and events (blog)

EDPB list of EU Data Protection Authorities (DPAs)

EDPB record of enforcement action taken by EU Member States

Council of Europe Data Protection website

PRIVACY FRAMEWORK & CERTIFICATION

The right privacy framework will provide a basic structure and offer guidance about how to integrate compliance requirements applicable to your organisation. They can help ensure you have the right compliance policies and procedures in place while providing the flexibility to adapt processes to suit your commercial requirements.

AICPA privacy framework

NIST privacy framework

BS 10012 - Privacy Management

ISO/IEC 27701:2019 - Privacy Management

ISO/IEC 27001:2022 - Information security management

Europrivacy Certification - GDPR Certification

ISO 31700-1:2023 - Standard on Privacy by Design

USEFUL LINKS & RESOURCES

A selection of links to information management and data protection associations.

Information and Records Management Society (IRMS)

National Association of Data Protection Officers (NADPO)

Data Protection Forum

Data Protection Network

DPO Network Europe

Association of Data Protection Officers (Ireland)

10% OFF

Save over £100 on all of our courses

Sign-up for our Privacy Newsfeed weekly newsletter to get your discount code. Receive additional offers by selecting training announcements option. Please choose your desired subscription option and then enter your details to subscribe.

View our privacy information

Freevacy has been shortlisted in the Best Educator category.
The PICCASO Privacy Awards recognise the people making an outstanding contribution to this dynamic and fast-growing sector.