The DPA (Data Protection Act) 2018, the UK GDPR (General Data Protection Regulation) and the EU GDPR require organisations to implement “appropriate technical and organisational measures” to secure the personal data they process.
They must also follow the accountability principle. This means being responsible for, and able to demonstrate their compliance with, the Regulation’s data processing principles.
This can best be achieved via a privacy compliance framework: a formal structure for managing the security of personal data.
If your organisation has not developed its own privacy compliance framework, there are currently two standards that you can use to ease your path to GDPR compliance: BS 10012:2017 and ISO/IEC 27701:2019.
Implementing these standards – and, where possible, achieving independently accredited certification – will demonstrate to regulators such as the UK’s ICO (Information Commissioner’s Office) that you have carried out due diligence and are doing all you can to comply with the law.