Anyone managing personal data in the UK
Click here to access the templates
The Data Protection Act controls how your personal information is used by organisations, businesses or the government.
Everyone responsible for using data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly and lawfully
- used for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- kept for no longer than is absolutely necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred outside the European Economic Area without adequate protection
There is stronger legal protection for more sensitive information, such as:
- ethnic background
- political opinions
- religious beliefs
- sexual health
- criminal records
Here are the key benefits of the RequirementONE Data Protection ACT Solution.
Improved Data Protection
Reduce the time and expense of implementing the new data protection. Reduce risk within current programs by identifying areas for improvement.
The Framework creates a common language for the discussion of data protection issues that can facilitate internal and external collaboration.
Mapping Controls and Policies
Individual controls and policies may apply to numerous frameworks. These can be maintained as an interlinked set of procedures to avoid duplication of effort.
A Single Point of Truth
Each compliance element is stored as a record and can be updated, commented, controlled and audited individually. Data is accessible to all stakeholders with no version control issues.
All links and interfaces can be defined and maintained showing dependencies between various policies.
Track the progress of data protection projects. In-line analytics highlight gaps in data protection, traceability of changes and status of data protection efforts.
Internal and External audit teams benefit from a specialized interface with full visibility to review and evaluate procedures.
Typical Use Cases
Here is a typical, but not exhaustive, list of roles and associated use cases that would interact with this solution.
|Data protection team||
|Data protection officer||
These apps and templates are used for the solution.
|Data Protection Act 1998||A specification containing the Data Protection Act, which can be used to ensure that all policies, controls and procedures are in line with the current legislation
1) Download the Implementing the Data Protection Act specification from the Solution Store
2) Mark each record to show whether it is applicable to your organization.
3) Link each applicable record to the corresponding policy / control / procedure record
4) As the linked records are updated, mark the status of the work.
5) Use filters to identify work still to be done
6) If there are people in the organization who need to be informed, but do not have access to RequirementONE, Export the completed document to Word.
- Select an existing, or create a new project
- Click on the Solution Store, and select the Data Protection Act Templates
- Once you have the templates, add your custom data and work through the plan.
Combine GDPR with other compliance frameworks to provide a holistic Compliance solution for your organization.
Questions or Comments?
Respond to this post if you want to comment on the template or ask the author a question.