Accountability and governance
The guidance on this page is suitable for large businesses in the public, private and third sectors. Small businesses should use the resources on our small business web hub.
Brief guidance
Guide to accountability and governance
Contracts, documentation, data protection by design and default, data protection impact assessments and data protection officers.
Detailed guidance
Contracts and liabilities between controllers and processors
When contracts are needed and why they are important, what needs to be included and responsibility and liability.
Documentation
What is documentation and who needs to document processing activities, what needs to be documented under article 30 and how to document processing activities.
Data protection impact assessments (DPIA)
What is a DPIA, when and how to conduct one, consulting the ICO and examples of 'likely to result in high risk'.
Codes of conduct
Data protection codes of conduct address sector-specific data protection issues and support compliance with the UK GDPR. We have detailed guidance and other resources for trade organisations and similar representative bodies who may create codes of conduct for their members.
Certification schemes
Data protection certification can help demonstrate data protection in a practical way to businesses, individuals and regulators. We have detailed guidance and other resources about certification schemes for organisations.
Resources
Accountability framework
Assess your organisation’s accountability and governance.