0. Data Protection Officers Resource
The data protection officer (DPO) role is not new. However, under both the EU and UK versions of the General Data Protection Regulation (GDPR), the DPO has become a legally appointed position applying to the public sector and most businesses. This in-house developed resource provides a comprehensive assessment of the role of the DPO, how it evolved, what the position entails, and information about the criteria for making an appointment. There is also a section dedicated to businesses who choose not to assign a DPO.
1. GDPR Training Paths
This in-house guide answers several questions about how to implement a comprehensive employee data protection learning and development programme. Part one looks at the advantages of de-centralised training when leveraging privacy champions and technologists in key roles throughout the organisation. Part two addresses the benefits of choosing recognised certified training qualifications for privacy professionals.
2. Information Rights Legislation
The term Information Rights relates to two specific areas of UK and EU law. It covers legislation governing how organisations handle personal information about us. It also covers the laws and practices that give us rights to access official information, often held by public bodies. The following section contains links to the Information Rights laws and regulations that apply to organisations operating in the UK.
- 01. EU General Data Protection Regulation (2016)
- 02. UK General Data Protection Regulation (Keeling Schedule GDPR)
- 03. Data Protection Act (2018) (Prior to 1st Jan 2021)
- 04. Data Protection Act (2018) (Keeling Schedule DPA18)
- 05. EU Privacy and Electronic Communications Directive (2002) (ePrivacy Directive)
- 06. Privacy and Electronic Communications (EC Directive) Regulations (2003)
- 07. Data Protection, Privacy and Electronic Communications (Amendments Etc.) (EU Exit) Regulations 2019
- 08. The Network and Information Systems Regulations (2018)
- 09. UK Freedom of Information Act (2000)
3. UK Information Commissioner’s Office
The Information Commissioner's Office (ICO) is the UK's Supervisory Authority (SA) and the independent regulator responsible for upholding Information Rights. The ICO is a non-departmental public body sponsored by the Department for Digital, Culture, Media and Sport (DCMS). The following section contains several links to the ICO's website that will be helpful to organisations. A separate link is also provided to the Scottish Information Commissioner covering FOI and EIR.
- 01. Information Commissioner's Office (ICO)
- 02. Latest news and events (blog)
- 03. Record of enforcement action taken by ICO
- 04. Support pages for organisations
- 05. Data Protection Fees, registering an organisation and DPO
- 06. Search the register of data controllers
- 07. How to report a data breach
- 08. Make a complaint
- 09. Contact Information
4. EU Data Protection Authorities
Although the UK has now left the European Union, many businesses still have to abide by EU rules where they continue to trade in goods or services with the EU. The following section contains links to data protection webpages for a number of EU institutions and regulators.
- 01. European Commission Data Protection (central hub)
- 02. European Commission Data protection in the EU (summary)
- 03. European Data Protection Supervisor (EDPS)
- 04. European Data Protection Board (EDPB)
- 05. EDPB news and events (blog)
- 06. EDPB list of EU Data Protection Authorities (DPAs)
- 07. EDPB record of enforcement action taken by EU Member States
- 08. Council of Europe Data Protection website
5. Privacy Framework & Certification
The right privacy framework will provide a basic structure and offer guidance about how to integrate compliance requirements applicable to your organisation. They can help ensure you have the right compliance policies and procedures in place while providing the flexibility to adapt processes to suit your commercial requirements.
6. Useful links & resources
A selection of links to information management and data protection associations.