Assist in implementing privacy and data protection
Overview
This standard is about assisting in implementing privacy and data protection.
This involves implementing the organisation's privacy and data protection policies and contributing to responding to data-related requests from internal and external sources. It includes maintenance of the data register and assisting in undertaking internal privacy and data protection audits. It also includes assisting with maintaining the record of processing activities to support the data retention policy.
This standard is for those who need to assist in implementing privacy and data protection as part of their duties.
Performance criteria
You must be able to:
- Locate and review organisational and regulatory policies and standards to identify privacy and data protection requirements
- Assist in implementing the organisational policies, plans and procedures to maintain ongoing compliance with data protection regulations
- Contribute to the collation and maintenance of the data register in line with organisational procedures
- Assist in undertaking privacy, data protection audits and compliance reviews as required
- Contribute to privacy and data protection remediation activities as required
- Respond to subject access requests (SAR) and contribute to providing the information requested
- Assist in maintaining the record of processing activities (ROPA) in line with organisational procedures
- Perform data mapping activities in line with organisational procedures
- Assist in the preparation and distribution of privacy and data protection compliance reports
Knowledge and Understanding
You need to know and understand:
- The relevant laws, regulations and policies relating to privacy and general data protection regulations (GDPR)
- Where to locate the regulatory policies and organisational standards for privacy and data protection
- The importance of reviewing organisational compliance with GDPR, The Data Protection Act and other applicable data protection laws and regulations
- The steps taken to implement policies, plans and procedures to maintain compliance with data protection regulations
- What is meant by a data register
- How to maintain an organisational data register
- The steps involved in performing data protection audits
- The importance of addressing data protection requests to a high quality and in a timely manner
- The meaning of subject access requests (SAR) and the steps involved in undertaking them
- What is meant by a record of processing activities (ROPA)
- The importance of implementing a data retention policy
- How to undertake data mapping
- The steps involved in maintaining data protection compliance
Glossary
Subject Access Requests (SAR)
A Subject Access Request (SAR) is the right of access allowing an individual to obtain records of their personal information held by an organisation.
Record of Data Processing Activities (ROPA)
A Record of Processing Activities (ROPA) is an internal record that contains information on all personal data processing activities carried out.