Common to all control frameworks, the core underlying and most important theme is demonstrating accountability and responsibility.
For an ongoing control to work, an organisation must ask themselves if key individuals know their roles within the framework. Further, they then must check and provide support to make sure they are fulfilling their responsibilities. These topics are as much about organisation culture as they are about one specific framework. When not focused on, these topics become common reasons why initial projects fail to be adopted as long term controls.
To help organisations, the ICO has published its own self-assessment. This is designed to allow you to make an assessment to your current maturity, and if your framework is likely working in particular areas.
Fundamentals First has always maintained that investing in people is the most critical part of implementing any management control, be it data privacy, security, financial etc. Key to our Data Privacy Framework implementation is open discussion regarding who governs key topics, who owns the responsibility, and who acts as a steward in the day to day running of tasks. In favour of a check box exercise, investing in several different communication methods to explain accountabilities is critical for data privacy control.
For more information on auditing your current Data Privacy Framework please get in contact to discuss either a formal audit or a less formal sense check.
