April 3, 2020

ICO Wants to Hear Your Views on the Design of its New Accountability Toolkit

In an October 28, 2019 blog post, Director for Regulatory Assurance, Ian Hulme, announced that the UK Information Commissioner’s Office (“ICO”) is developing a new ‘accountability toolkit’ which it plans to launch next year. The aim of the toolkit will be to support organisations in demonstrating their compliance with the ‘accountability principle’ under the GDPR[1]. It will enable organisations to understand the ICO’s expectations and to take responsibility for designing their own accountability programs. The ICO wants the toolkit to be ‘user-led’ and, as a result, it believes that gathering the views of organisations is essential.

The ICO seeks the views of a wide range of organisations in different sectors on matters such as their current practices relating to accountability and how the ICO could support them in the development of their own accountability programs.

Views on the development of the accountability toolkit can be submitted through the ICO’s dedicated consultation page or by email to accountability.ico.org.uk. The consultation closes at 17:00 on 9 December 2019.

Mr. Hulme made it clear that compliance with the accountability obligation is about “putting data protection at the heart” of all personal data processing. It includes being “crystal clear” about data protection responsibilities throughout the organisation, treating data protection as a “boardroom issue” and not just the responsibility of the Data Protection Officer, managing risk proactively, and being transparent with people about the processing of their personal data. He recognised that many organisations are working hard to get this right and stated that the ICO is keen to support those efforts, in light of the substantial work and culture change that can be required.

The consultation page lists a number of measures which the ICO says could enable organisations to demonstrate their compliance with the accountability principle, including implementing data protection policies, taking a data protection by design and default approach, reporting data breaches where required and carrying out data protection impact assessments.

Please contact our Data Privacy & Cybersecurity team members for assistance with GDPR compliance, including putting in place measures to fulfil your organisation’s accountability obligation.

[1] This is a specific obligation under Article 5(2) of the GDPR (EU General Data Protection Regulation 2016/679).

© Copyright 2020 Squire Patton Boggs (US) LLP


About this Author

Francesca Fellowes is a senior associate in our Data Privacy & Cybersecurity team based in our Leeds office. She has a wealth of experience in advising on a wide spectrum of data privacy issues, including managing large-scale projects involving multiple data flows and advising on commercial arrangements involving complex issues of data ownership and use.

She is particularly experienced in managing cross-jurisdictional data privacy compliance projects for multinational clients, which deal with the compliance required throughout the client’s...