Accountability Framework by ICO

The UK ICO has published a "beta" accountability framework, which is an excellent and broad start to check on your GDPR implementation!

You might use it to:

  • check on your GDPR implementation either in total or in regard to certain aspects
  • demonstrate compliance towards business partners or authorities
  • use it as some sort of checklist

ICO has some more ideas about what the framework can be used for.

The framework has 10 chapters:

  • Leadership and oversight
  • Policies and procedures
  • Training and awareness
  • Individual rights
  • Transparency
  • Records of processing and lawful basis
  • Contracts and data sharing
  • Risks and Data Protection Impact Assessment (DPIA)
  • Records management and security
  • Breach response and monitoring

Each of the chapters has several sub-chapters which are short, precise and mostly in the form of bullet lists, with three questions at the end to check yourself.

For example, in the transparency sub-chapter "Tools supporting transparency and control" the questions are:

  • “Would the public say that your policies are clear, easy to find and access?
  • Do they feel appropriately supported in accessing, determining and managing how their data is used?
  • Would children say the same?”

Now let's think about the last three transparency documents you have written or read, such as the privacy policy or cookie banner of some websites. Do they hold up to these questions? I'd say no, and they don't offer tools to manage the users' personal data at all, especially after the users have clicked away that big cookie banner overlay window.

ICO says it is "beta" and open to comment. Yes, it is indeed, but it is already very far reaching and good. That does not mean you do not need to think for yourself about your actual situation, but it is already a very powerful collection of topics to watch for.
