The checklist will give you an insight about where your organisation is with data protection from a data privacy and technical security perspective. The checklists form part of the Best Practice library which includes contextualised guidance, documents and resources on specific areas of data processing. The checklists form part of the ICO Accountability Framework which helps organisations with their governance and corporate risk management where it relates to data protection. The checklists cover all aspects of the framework, enabling you to assess against organisation baselines:
- Leadership & Oversight
- Risk Management (DPIA's)
- Policies & Procedures
- Individual Rights
- Contracts & Data Sharing
- Transparency
- Training & Awareness
- Records Management
- Monitoring Verification & Reporting (Data Breaches, SARs and FOI's)
- Response & Enforcement (SARs and FOI's)
Subject Access Requests
The Subject Access Requests Checklist asks questions about policies and procedures relating to subject access requests. It links to the Subject Access Requests Best Practice Area which includes template procedures, e-learning and drip feed posters and FAQ's. When dealing with a Subject Access Request it is usual to redact some of the data, so we would recommend looking at the Redaction Checklist and the Redaction Best Practice Area.Answer a sample SAR checklist question:
DPE customers can get started on completing the Subject Access Request checklist here: