Checklist for ensuring data protection compliance

Introductory note:
This checklist helps an organisation achieve data protection compliance by conducting risk assessments, monitoring, auditing and training as part of its management framework.

The guideline is a living document and will continue to be updated as new technologies, threats, risks, and solutions arise.

How to use this checklist:
This guideline is not a one-size-fits-all approach. Different organisations will have unique risks, threats and vulnerabilities, and will implement their data breach response strategy with differing priorities. It is important to bear in mind that while risk can be reduced, the possibility of an ICT breach cannot be eliminated entirely.

Other notes:
For a more detailed discussion on data protection compliance, see Russell R Densmore (ed), Privacy Program Management - Tools for Managing Privacy Within Your Organisation (International Association of Privacy Professionals, 2013).

Links to related content:
Once you have established, assessed and reviewed the requisite policies and data protection procedures for your organisation, see the following checklists for further guidance on handling and responding to privacy-related incidents: Data Breach Assessment Guideline, Data Breach Response Guideline and Cybersecurity strategy - Overall cybersecurity strategy checklist.