The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

This consultation has closed

Back in October, we asked for your help to test and develop our ideas about an accountability toolkit. Our survey has now closed and we have had an excellent response rate, 163 in total, from a variety of stakeholders. We are really grateful to everyone who took the time to make helpful suggestions, and contribute to the toolkit’s development.

It’s been great to see your very positive reaction to our existing guidance, and plans for the toolkit. You broadly agreed with our proposed scope and structure and your detailed responses suggested ways we could help organisations to embed accountability more fully, either through the Toolkit or other guidance products.

You can read our analysis of these responses, setting out the key themes that emerged, including our comments. We’ll be sharing more of our Toolkit and exploring your feedback in greater depth in a London workshop on 3 February. Applications have now closed but there will be further opportunities to engage with us on this topic at future workshops.


The General Data Protection Regulation (GDPR) introduced an accountability principle, which requires data controllers to demonstrate their compliance with the law through internal data protection measures and practices. These could, and in some circumstances must, include:

  • implementing data protection policies;
  • recording your processing;
  • taking a data protection by design and by default approach;
  • having written contracts in place with processors;
  • implementing appropriate security measures;
  • recording and, where necessary, reporting data breaches;
  • appointing a data protection officer;
  • establishing processes for handling data subject rights’ requests; and
  • carrying out data protection impact assessments.

We want to create a toolkit to help organisations to assess whether they have appropriate and effective internal data protection governance arrangements in place and to help them demonstrate their compliance to the ICO, the public, or a business customer.

This is the first stage of our consultation process, where we are looking for a wide range of views from organisations and individuals, across all sectors and organisational sizes. We want to hear from those who have responsibility for data protection and particularly would like to hear about:

  • your current practice regarding accountability;
  • what might lead to improvements;
  • how we can support you in designing your own accountability framework; and
  • what scope and structure may be most helpful.

You can respond to this consultation via our online survey or you can download the document and email it to: [email protected]

Alternatively, print off the document and post to:

Accountability toolkit snap survey
Assurance Department
Information Commissioner’s Office
Wycliffe House
Water Lane
Cheshire SK9 5AF

You can find guidance about accountability in our Guide to the GDPR. If you would like further information about the consultation, please email the [email protected] team.

Please send us your response by 17:00 on Monday 9 December 2019.

Privacy statement

For this survey, we will publish all responses received from organisations but we will remove any personal data before publication. We will not publish responses received from respondents who have indicated that they are an individual acting in a private capacity (e.g. a member of the public). For more information about what we do with personal data see our privacy notice