Assist in implementing privacy and data protection

URN: TECDT80631
Business Sectors (Suites): IT and Telecoms Professional (procom)
Developed by: e-skills
Approved on: 30 Mar 2022

Overview

This standard is about assisting in implementing privacy and data protection.

This involves implementing the organisation's privacy and data protection policies and contributing to responding to data-related requests from internal and external sources. It includes maintenance of the data register and assisting in undertaking internal privacy and data protection audits. It also includes assisting with maintaining the record of processing activities to support the data retention policy.

This standard is for those who need to assist in implementing privacy and data protection as part of their duties.


Performance criteria

You must be able to:

  1. Locate and review organisational and regulatory policies and standards to identify privacy and data protection requirements
  2. Assist in implementing the organisational policies, plans and procedures to maintain ongoing compliance with data protection regulations
  3. Contribute to the collation and maintenance of the data register in line with organisational procedures
  4. Assist in undertaking privacy, data protection audits and compliance reviews as required
  5. Contribute to privacy and data protection remediation activities as required
  6. Respond to subject access requests (SAR) and contribute to providing the information requested
  7. Assist in maintaining the record of processing activities (ROPA) in line with organisational procedures
  8. Perform data mapping activities in line with organisational procedures
  9. Assist in the preparation and distribution of privacy and data protection compliance reports


Knowledge and Understanding

You need to know and understand:

  1. The relevant laws, regulations and policies relating to privacy and general data protection regulations (GDPR)
  2. Where to locate the regulatory policies and organisational standards for privacy and data protection
  3. The importance of reviewing organisational compliance with GDPR, the Data Protection Act and other applicable data protection laws and regulations
  4. The steps taken to implement policies, plans and procedures to maintain compliance with data protection regulations
  5. What is meant by a data register
  6. How to maintain an organisational data register
  7. The steps involved in performing data protection audits
  8. The importance of addressing data protection requests to a high quality and in a timely manner
  9. The meaning of subject access requests (SAR) and the steps involved in undertaking them
  10. What is meant by a record of processing activities (ROPA)
  11. The importance of implementing a data retention policy
  12. How to undertake data mapping
  13. The steps involved in maintaining data protection compliance

Glossary

Subject Access Requests (SAR)

A Subject Access Request (SAR) is the right of access allowing an individual to obtain records of their personal information held by an organisation.

Record of Data Processing Activities (ROPA)

A Record of Processing Activities (ROPA) is an internal record that contains information on all personal data processing activities carried out.


Version Number

1

Indicative Review Date

30 Mar 2025

Validity

Current

Status

Original

Originating Organisation

ODAG Consultants Ltd.

Original URN

TECDT80631

Relevant Occupations

Information and Communication Technology Professionals

SOC Code

3539

Keywords

Data management, data protection