Best Practice Update

Checklists in navy text by Data Protection Education. Data Protection Services badge.  The DPE Knowledge Bank on a laptop screen

Product Focus on Checklists : Record of Processing

All of our customers have access to the DPE Knowledge Bank which has a Best Practice Checklist area.  Each checklist is designed to help you walk through all aspects of data protection.
The checklist will give you an insight about where your organisation is with data protection from a data privacy and technical security perspective. The checklists form part of the Best Practice library which includes contextualised guidance, documents and resources on specific areas of data processing.  The checklists form part of the ICO Accountability Framework which helps organisations with their governance and corporate risk management where it relates to data protection.    The checklists cover all aspects of the framework, enabling you to assess against organisation baselines:

  1. Leadership & Oversight
  2. Risk Management (DPIA's)
  3. Policies & Procedures
  4. Individual Rights
  5. Contracts & Data Sharing
  6. Transparency
  7. Training & Awareness
  8. Records Management
  9. Monitoring Verification & Reporting (Data Breaches, SARs and FOI's)
  10. Response & Enforcement (SARs and FOI's)

Record of Processing

As a Controller you determine the purpose and means of the processing (article 4(7)) and are responsible for ensuring the confidentiality and integrity (article 5(f))  of data and to ensure technical and organisational measures are in place (article 32). The Record of Processing checklists highlights the legal reasons for implementing an RoP and what procedures need to be in place.  It links to the Record of Processing Best Practice Area, which covers relevant legislation, and the main areas of processing in an organisation.  This should be considered in line with any Third Party Supplier Due Diligence you may need to undertake.

Answer a sample Record of Processing (RoP) checklist question:

Do you know how to demonstrate your organisation’s technical and organisational safeguards are in place to ensure security of data?

Invalid Input


Amazing, you have ticked off an important item on the record of processing checklist.  Knowing what risks there are around the data you hold is a crucial part of data protection compliance:

For further help and guidance and access to the full checklist, please contact This email address is being protected from spambots. You need JavaScript enabled to view it..




Understanding what technical measures you have in place to safeguard any personal data you hold is a requirement and part of the DfE Digital Standards if you are a school or trust.  Contact your data protection lead, or SLT digita lead or DPO for further advice:

Clipart cartoon with headphones on Please contact us for more help and advice about data protection compliance and cyber security standards: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice. 

 


Try asking the data protection lead in your organisation, or SLT digital lead or contact your DPO:

We can provide help and guidance with data protection compliance, cyber security standards and records management: This email address is being protected from spambots. You need JavaScript enabled to view it. including the full checklist and best practice.




DPE customers can get started on completing the Record of Processing checklist here:

Search