Accountability framework self-assessment

I am likely to be meeting this expectation: You are meeting the expectation in all the ways listed in the accountability framework that are relevant to your organisation, or you are meeting the expectation fully in other appropriate ways.
I am likely to be partially meeting this expectation: You are meeting the expectation in some of the ways listed in the accountability framework that are relevant to your organisation, or you are partially meeting the expectation in other appropriate ways.
I am not likely to be meeting this expectation: You are not meeting our expectation in any of the ways listed in the accountability framework and you are not meeting the expectation in any other appropriate ways.
This is not relevant to my organisation: After considering your circumstances, processing activities and risk, you do not think the expectation is relevant to your organisation.
1.1 There is an organisational structure for managing data protection and information governance, which provides strong leadership and oversight, clear reporting lines and responsibilities, and effective information flows.
More information

We have guidance and an interactive tool to help you decide if your organisation is required to appoint a Data Protection Officer under Article 37 of the General Data Protection Regulation (GDPR).

1.2 Is your organisation required to appoint a Data Protection Officer under Article 37 of the General Data Protection Regulation (GDPR)?
1.3 Your organisation makes sure that the DPO’s role is adequately supported and covers all the requirements and responsibilities.
1.4 The DPO is independent and unbiased. They must report to the highest management level, and staff must be clear about how to contact them.
1.5 Your organisation's operational roles support the practical implementation of data protection and information governance.
1.6 An oversight group provides direction and guidance across your organisation for data protection and information governance activities.
1.7 In your organisation, operational level groups meet to discuss and coordinate data protection and information governance activities.