The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

I am likely to be meeting this expectation You are meeting the expectation in all the ways listed in the accountability framework that are relevant to your organisation, or you are meeting the expectation fully in other appropriate ways.
I am likely to be partially meeting this expectation You are meeting the expectation in some of the ways listed in the accountability framework that are relevant to your organisation, or you are partially meeting the expectation in other appropriate ways.
I am not likely to be meeting this expectation You are not meeting our expectation in any of the ways listed in the accountability framework and you are not meeting the expectation in any other appropriate ways.
This is not relevant to my organisation After considering your circumstances, processing activities and risk, you do not think the expectation is relevant to your organisation.

Step one of ten: Leadership and oversight

1.1 There is an organisational structure for managing data protection and information governance, which provides strong leadership and oversight, clear reporting lines and responsibilities, and effective information flows. *



1.2 Is your organisation required to appoint a Data Protection Officer under Article 37 of the General Data Protection Regulations (GDPR)? *


1.5 Your organisation's operational roles support the practical implementation of data protection and information governance *



1.6 An oversight group provides direction and guidance across your organisation for data protection and information governance activities. *



1.7 In your organisation, operational level groups meet to discuss and coordinate data protection and information governance activities. *