Why is this important?
A fundamental building block of accountability is strong leadership and oversight. This includes making sure that staff have clear responsibilities for data protection-related activities at a strategic and operational level. Some organisations are legally required to have a DPO, but everyone must allocate sufficient resources and make sure that data protection is a shared responsibility, rather than solely the task of someone working directly in a data protection role. You make senior management and the board accountable, and they must lead by example to promote the organised, proactive and positive approach to data protection that underpins everything else.
At a glance – what we expect from you
- Organisational structure
- Whether to appoint a DPO
- Appropriate reporting
- Operational roles
- Group to provide oversight and direction
- Operational group meetings
ICO interactive tool:
- The National Archives: Organisational arrangements to support records management
- Centre for the Protection of National Infrastructure: Good security governance and Leadership in security
- National Cyber Security Centre: 10 Steps to Cyber Security – A Board-level responsibility
- Get Safe Online: Governance