0. Data Protection Officers Resource
The data protection officer (DPO) role is not new. However, under both the EU and UK versions of the General Data Protection Regulation (GDPR), the DPO has become a legally appointed position applying to the public sector and most businesses. This in-house developed resource provides a comprehensive assessment of the role of the DPO, how it evolved, what the position entails, and information about the criteria for making an appointment. There is also a section dedicated to businesses who choose not to assign a DPO.
1. GDPR Training Paths
This in-house guide answers several questions about how to implement a comprehensive employee data protection learning and development programme. Part one looks at the advantages of de-centralised training when leveraging privacy champions and technologists in key roles throughout the organisation. Part two addresses the benefits of choosing recognised certified training qualifications for privacy professionals.
2. Information Rights Legislation
The term Information Rights relates to two specific areas of UK and EU law. It covers legislation governing how organisations handle personal information about us. It also covers the laws and practices that give us rights to access official information, often held by public bodies. The following section contains links to the Information Rights laws and regulations that apply to organisations operating in the UK.
3. UK Information Commissioner’s Office
The Information Commissioner's Office (ICO) is the UK's Supervisory Authority (SA) and the independent regulator responsible for upholding Information Rights. The ICO is a non-departmental public body sponsored by the Department for Digital, Culture, Media and Sport (DCMS). The following section contains several links to the ICO's website that will be helpful to organisations. A separate link is also provided to the Scottish Information Commissioner covering FOI and EIR.
4. EU Data Protection Authorities
Although the UK has now left the European Union, many businesses still have to abide by EU rules where they continue to trade in goods or services with the EU. The following section contains links to data protection webpages for a number of EU institutions and regulators.
5. Privacy Framework
The right privacy framework will provide a basic structure and offer guidance about how to integrate compliance requirements applicable to your organisation. They can help ensure you have the right compliance policies and procedures in place while providing the flexibility to adapt processes to suit your commercial requirements.
6. Useful links & resources
A selection of links to information management and data protection associations.