What is the accountability framework?
The Information Commissioner’s Office (ICO) is the regulatory body that ensures compliance with and enforcement of the UK’s data protection laws, including the UK General Data Protection Regulation (GDPR).
All entities, be they charity, large company or sole trader, are required, by law, to meet certain data protection standards and respect the personal data within their care. The accountability framework is essentially a crib sheet to help you meet national data protection standards.
The UK GDPR has seven data protection principles. The final one is accountability. In life, we are all accountable for our everyday actions — both personal and professional — and things are no different when it comes to data protection. According to the ICO, accountability “makes you responsible for complying with the legislation” [1] and what’s more, that “you must be able to demonstrate your compliance” [1]. It’s this final quote — the ability to prove you work in accordance with the law — that makes the accountability framework essential reading. So, what do you need to know?
- What if you don’t comply?
We already know it’s a legal requirement to comply. But what if you don’t? The simple answer is: you can be fined. Quite a lot, too. Beyond the expense of the fine, if the ICO uncover your non-compliance, it could damage your reputation as a company and your good name as a business owner as well as put you at risk of private lawsuits. What’s more, your employees’ prospects could be affected, not to mention the impact should your clients find out! Compliance, if you want to avoid any future headaches and heartaches, is critical.
- All you need to know in one place.
Whatever your sector, organisation size or stage of business journey, the accountability framework demonstrates how to make sure you and your business comply with legislation. The framework covers everything from checking your processes and procedures meet requirements, to your staff training status, to dealing with individuals’ rights across ten independent sections.
The framework is certainly comprehensive but it is not detailed; as the text states, it “is not sector-specific”. The guide uses a series of statements and questions to encourage you to apply knowledge unique to your industry and organisation to achieve your own data protection solutions.
Do you have data breach procedures? Do you map the data you hold and have a lawful basis for keeping it? If you don’t know the answers to these questions, consider reading the framework or at least taking a quick data protection health check. Even if you do know the answers, do you meet all the other standards?
- The advantages for you.
Many people fear data breaches, and understandably so. Therefore, preparation and protection are vital. Using the framework will help you understand the intricacies of data protection and how they apply to your organisation. It will allay your fears, give you more control, and could even highlight areas for improvement in your current systems. In the end, however, implementation is imperative.
Don’t bury your head in the sand or view data protection as something involving smoke and mirrors. Instead, think “respect”. View others’ data as their valuable property and treat it accordingly. You can access the framework via the ICO’s website, or, if you would like a more hands-on approach and a chat with a human, then just contact us.
[1] Information Commissioner’s Office, Accountability Framework, 2020
Dr Sam Linton is a data protection professional and a GDPR Practitioner. Contact for Data Protection advice and services – firstname.lastname@example.org