Awdurdod annibynnol y Deyrnas Unedig a sefydlwyd i gynnal hawliau gwybodaeth er budd y cyhoedd, annog cyrff cyhoeddus i fod yn agored a hybu preifatrwydd data i unigolion.

Oversight groups

An oversight group provides direction and guidance across your organisation for data protection and information governance activities.

Ways to meet our expectations:

  • Key staff, eg the DPO, regularly attend the oversight group meetings.
  • An appropriately senior staff member chairs the group, eg the DPO or senior information risk owner (SIRO).
  • Clear terms of reference set out the group's aims.
  • The group's meeting minutes record what takes place.
  • The group covers a full range of data protection-related topics including key performance indicators (KPIs), issues and risks.
  • The group has a work or action plan that is monitored regularly.
  • The board or highest management level considers data protection and information governance issues and risks reported by the oversight group.

Can you answer yes to the following questions?

  • Do group members report that the meetings are effective?
  • Do they meet frequently enough and cover appropriate topics?
  • Are senior management aware of the issues and risks?