An oversight group provides direction and guidance across your organisation for data protection and information governance activities.
Ways to meet our expectations:
- Key staff, eg the DPO, regularly attend the oversight group meetings.
- An appropriately senior staff member chairs the group, eg the DPO or senior information risk owner (SIRO).
- Clear terms of reference set out the group's aims.
- The group's meeting minutes record what takes place.
- The group covers a full range of data protection-related topics including key performance indicators (KPIs), issues and risks.
- The group has a work or action plan that is monitored regularly.
- The board or highest management level considers data protection and information governance issues and risks reported by the oversight group.
Can you answer yes to the following questions?
- Do group members report that the meetings are effective?
- Do they meet frequently enough and cover appropriate topics?
- Are senior management aware of the issues and risks?