The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Oversight groups

An oversight group provides direction and guidance across your organisation for data protection and information governance activities.

Ways to meet our expectations:

  • Key staff, eg the DPO, regularly attend the oversight group meetings.
  • An appropriately senior staff member chairs the group, eg the DPO or senior information risk owner (SIRO).
  • Clear terms of reference set out the group's aims.
  • The group's meeting minutes record what takes place.
  • The group covers a full range of data protection-related topics including key performance indicators (KPIs), issues and risks.
  • The group has a work or action plan that is monitored regularly.
  • The board or highest management level considers data protection and information governance issues and risks reported by the oversight group.

Can you answer yes to the following questions?

  • Do group members report that the meetings are effective?
  • Do they meet frequently enough and cover appropriate topics?
  • Are senior management aware of the issues and risks?