The UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Organisational structure

There is an organisational structure for managing data protection and information governance, which provides strong leadership, clear reporting lines and responsibilities, and effective information flows. This could mean clear management roles and responsibilities for staff in the information security or records management departments.

Ways to meet our expectations:

  • The board, or highest senior management level, has overall responsibility for data protection and information governance.
  • Decision-makers lead by example and promote a proactive, positive culture of data protection compliance.
  • You have clear reporting lines and information flows between relevant groups, such as from a management board to an audit committee, or from an executive team to an information governance steering group.
  • Policies clearly set out the organisational structure for managing data protection and information governance.
  • Job descriptions clearly set out responsibilities and reporting lines to management.
  • Job descriptions are up to date, fit for purpose and reviewed regularly.
  • Data protection and information governance staff understand the organisational structure and their responsibilities.

Can you answer yes to the following questions?

  • Do staff report that your organisational structure is effective?
  • Is there a positive and proactive culture of data protection compliance across your organisation?
  • Are staff aware of their responsibilities and those of others within the structure?