Improve practice

Accountability, upholding rights and demonstrable compliance are key.  All staff should be involved in tightening up and implementing procedures. Organisations must be in a position to explain to individuals exactly why their personal data is needed, the lawful reason for doing so and if necessary why it must continue to be processed and should, therefore, start, and continue, to review and analyse:

Examples of steps that can be taken towards achieving compliance include:

Management engagement

Non-IT engagement

IT engagement