top of page

ICO publishes checklist for law enforcement requirements of the Data Protection Bill


The Information Commissioner's Office (ICO) has published a checklist entitled "Preparing for the law enforcement requirements (part 3) of the Data Protection Bill: 12 steps to take now".

The 12 steps that organisations should take are:

  • Check if the organisation is a Competent Authority under Schedule 7 of the DP Bill and that key people are aware that the law is changing.

  • Document what personal data is held, where it is held, where it came from, who it is shared with and who is responsible for it.

  • Identify the lawful basis for processing activity, document it and update privacy notices accordingly.

  • Ensure consents are up to date.

  • Review current privacy notices.

  • Check individual rights are covered by necessary procedures.

  • Ensure that the right procedures are in place to identify, manage and investigate a data breach.

  • Organisation should familiarise itself with the ICO’s code of practice on privacy impact assessments.

  • Ensure someone is designated to take responsibility for data protection compliance and assess where this role will sit within an organisation’s structure and governance arrangements.

  • Ensure logs of processing operations in automated processing systems are kept.

  • Review procedures for transferring or sharing personal data across borders.

  • If undertaking sensitive processing ensure that the organisation is compliant with the requirements of the legislation including having an appropriate policy in place.


1 view
bottom of page