A blog by Ian Hulme, Director for Regulatory Assurance
As a regulator, we can see how the use of personal data has changed over the past few years. There have been innovative technological developments in the public, private and third sector. However, with great innovation comes great responsibility.
Organisations must understand the risks they create for individuals when processing their data and mitigate against those risks. Organisations must be able to demonstrate that they handle personal data appropriately and effectively. These actions are all a part of the data protection requirement of accountability.
The principle of accountability is really about putting data protection at the heart of all personal data processing. It means being crystal clear about data protection responsibilities across the entire organisation; data protection being a boardroom issue and not just the responsibility of the data protection officer; managing risk proactively; and being transparent with people about what you are doing with their data.
We know that many organisations are already working hard at this, and we want to support those committed to getting it right. But we also know that accountability demands real work and a real culture change.
That is why we’re developing an accountability toolkit.
We want to support organisations to demonstrate their compliance with the accountability principle to the ICO, the public or their business partners.
Our proposed accountability toolkit will enable organisations to understand the ICO’s expectations and take responsibility for designing their own accountability programs.
We are planning on launching the framework in 2020, but before we start development we want to hear from you. We are committed to designing a product that is user-led so your views are essential. We would like you to share your views and suggestions on our early ideas and assumptions about the scope, structure and design of an accountability toolkit.
Ian Hulme is Director for Regulatory Assurance at the ICO.