The guidance on this page is suitable for large businesses in the public, private and third sectors. Small businesses should use the resources on our small business web hub.
Contracts, documentation, data protection by design and default, data protection impact assessments and data protection officers.
When contracts are needed and why they are important, what needs to be included and responsibility and liability.
What is documentation and who needs to document processing activities, what needs to be documented under article 30 and how to document processing activities.
What is a DPIA, when and how to conduct one, consulting the ICO and examples of 'likely to result in high risk'.
Data protection codes of conduct address sector specific data protection issues and support compliance with the UK GDPR’. We have detailed guidance and other resources for trade organisations and similar representative bodies who may create codes of conduct for their members.
Data protection certification can help demonstrate data protection in a practical way to businesses, individuals and regulators. We have detailed guidance and other resources about certifications schemes for organisations.
Assess your organisation’s accountability and governance.