“It’s important to remember the people behind the information.”
12 May 2022
It can be easy to forget that the ICO isn’t just the regulator of data protection – we’re a data controller too! I lead a team that’s responsible for managing the ICO’s compliance. That includes meeting the requirements of the accountability principle – put simply, making sure we have appropriate measures in place and that we can demonstrate how we’ve met them
What’s the best part of your role?
Information management is really about people.
Firstly, my team needs to work with people across the organisation to find out what their priorities are, how they work and what they need from us.
Secondly, we must always remember that each piece of personal data we store belongs to a real person. There’s a human behind the data we handle.
That’s why it’s so important for us to assess our processes and ensure we are getting our transparency obligations right.
Like lots of other organisations, we used the ICO’s online Accountability Framework to review our systems and put in place a plan to highlight what information we needed, when we needed it and who we should be talking to.
What are the biggest challenges in your role?
As our organisation grows it can be difficult to maintain important connections with people who work here and to stay on top of their programmes. That’s why we’ve established a community of local information management officers across the ICO who meet regularly. We use their feedback to make our processes easier for staff to understand and use.
One thing you wish you’d known at the start of your role?
Accountability can seem overwhelming. It’s more than just ticking boxes and is about embedding a positive, proactive culture in your organisation. But when you break it down, it’s a lot easier to manage. I tackled it by focussing on two key elements: putting appropriate measures in place and then demonstrating how we comply with those measures.
The Accountability Framework was invaluable. The tools and priority areas really helped to structure my approach and meant I could focus on working and hearing from teams within the organisation. I frequently go back to the tool and my initial assessment to see how we have developed and where we can still improve.
Learn more about the Accountability Framework
The Accountability Framework is a tool designed to help data protection professionals manage their accountability obligations. It uses a risk-based approach meaning it can be adapted for organisations of all sizes. We know that when building a data protection framework a one size fits all approach isn’t possible. And so we’ve added case studies from a variety of organisations to give you ideas of the various ways you can demonstrate your accountability in practice.
See case studies from Macmillan Cancer Support, Newry Mourne and Down District Council, the Office of Intercollegiate Services at the University of Cambridge and the Department for Environment, Food and Rural Affairs.
We’d like to thank the organisations for taking the time to explain their approaches to us.
Iman El Mehdawy is a Group Manager in the ICO's Information Management department. The team provides support and advice to ensure that information management and privacy are embedded into ICO systems and processes.