The Information Commissioner’s Office (ICO) has this week launched an audit framework aimed at helping charities and other organisations comply with data protection law.
It aims to help charities assess their compliance with key requirements under the legislation and identify necessary steps to “improve their data protection practices and create a culture of compliance”, says the regulator.
The ICO’s data protection audit framework states that charities need to “consider the specific circumstances of your organisation and what you are doing with personal information in order to manage the risks appropriately”.
“As a general rule, the greater the risk, the more robust and comprehensive the measures you should put in place,” it adds.
The framework includes several toolkits focusing on issues such as accountability, record keeping, cyber security, training, data sharing and artificial intelligence.
“We suggest you start with the accountability toolkit (formerly the Accountability framework) to assess your organisation’s accountability measures,” states the ICO.
“This toolkit supports the foundations of an effective privacy management programme.”
ICO director of regulatory assurance Ian Hulme said: “Transparency and accountability in data protection are essential, not just for regulatory compliance but for building trust with the public.
“Research shows us that people increasingly value the responsible use of their personal information and want organisations to be able to demonstrate strong data protection practices.
“Our new audit framework will help build trust and encourage a positive data protection culture, as well as being flexible in targeting the most pressing areas of compliance.
“We want to empower organisations to embrace data protection as an asset, not just a legal requirement.”