ICO launches audit framework to aid organisations’ compliance

The ICO has today launched a new audit framework designed to help organisations assess their own compliance with data protection law. The ICO says it hopes to empower organisations to identify necessary steps to improve their data protection practices and create a culture of compliance.

As a starting point, organisations can use the ICO’s accountability toolkits to assess their accountability measures for example on AI or age-appropriate design.
Ian Hulme, ICO Director of Regulatory Assurance, said:

"Transparency and accountability in data protection are essential, not just for regulatory compliance but for building trust with the public. Businesses that can demonstrate strong data protection practices gain a competitive advantage, as customers increasingly value the responsible use of their personal information.”

“Our new audit framework will help businesses build trust and encourage a positive data protection culture, as well as being flexible in targeting the most pressing areas of compliance. We want to empower businesses to embrace data protection as an asset, not just a legal requirement."

The ICO has an active audit programme – this year it has already issued 37 audit reports, with 16 of them being in the criminal justice area. The ICO mostly conducts consensual audits, but also has the power to conduct compulsory audits.

See: ICO - New data protection audit framework launched to help organisations improve compliance