Data protection framework

GoodCorporation's Data Protection Framework can be used to help organisations ensure that all the personal data they collect in the course of their operations is properly protected and used responsibly.

The four-page framework can be applied to the protection of both personal and commercial data and can be used to design, embed or evaluate an organisation's data protection systems and culture.

Areas covered by the framework

  • Management and governance: the organisation makes it clear who is responsible for data protection, has a written and clearly articulated policy approved by the board and ensures that a culture of data protection is set and championed by senior management.
  • Risk assessment: regular data protection risk assessments are carried out within the organisation, in relation to third parties and in respect of new activities or products.
  • Security environment: provisions are made to ensure that both physical and information security systems are secure.
  • Legal environment: the legal environment is monitored to ensure that any changes to applicable data protection legislation are met and that the legal implications of any data transfers are properly understood.
  • Operational data practices: the organisation can evidence that whenever or wherever data is processed, policies and procedures are firmly in place to protect that information.
  • Managing employees who handle data: awareness of data protection is high with policies and procedures easily accessible and regular training carried out.
  • Managing routine access by third parties: steps are taken to ensure that business partners, service providers and other third parties understand and abide by the organisation's data protection practices.
  • Managing requests: systems and protocols are in place governing the disclosure of data and the response to data access requests.
  • Breaches: the organisation regularly checks for data breaches, has a system in place for reporting concerns and takes remedial action when necessary.
  • Monitor and review: senior management review the effectiveness of data protection procedures providing reports to the board of effectiveness along with information on any data breaches.

Sample content

Have a question? Click here to contact our team

Explore our frameworks

Browse our frameworks below and download your copy

Protected content

  • For further information about how we use your personal data and how to unsubscribe please view our privacy policy.

  • This field is for validation purposes and should be left unchanged.