Skip to main content

Accountability framework self-assessment

We have launched a new Data Protection Audit Framework designed to help organisations assess their own compliance with key requirements under data protection law. The framework is an extension to the existing Accountability Framework. All existing content has been migrated into the new Audit Framework.

What is the accountability framework self-assessment?

The accountability self-assessment will help you to assess the extent to which your organisation is currently meeting the ICO’s expectations in relation to accountability.

You should use the self-assessment with the Accountability Framework and we recommend you read the framework first before undertaking the self-assessment.

Completing the self-assessment is not compulsory and the ICO does not have access to the results.

If you think you would benefit from a more detailed analysis and specific assurance rating, you can ask the ICO to conduct an audit.

How to use the self-assessment

The self-assessment will take about 50 minutes to complete. You cannot save your progress so it all needs to be completed at the same time.

You will see a series of statements that reflect the ICO’s expectations. You need to assess whether you are meeting, partially meeting or not meeting this expectation.

I am likely to be meeting this expectation You are meeting the expectation in all the ways listed in the accountability framework that are relevant to your organisation, or you are meeting the expectation fully in other appropriate ways.
I am likely to be partially meeting this expectation You are meeting the expectation in some of the ways listed in the accountability framework that are relevant to your organisation, or you are partially meeting the expectation in other appropriate ways.
I am not likely to be meeting this expectation You are not meeting our expectation in any of the ways listed in the accountability framework and you are not meeting the expectation in any other appropriate ways.
This is not relevant to my organisation After considering your circumstances, processing activities and risk, you do not think the expectation is relevant to your organisation.

At the end of the self-assessment you will receive a downloadable report indicating where you have stated you are meeting, partially meeting or not meeting our expectations. You can use this report to help you determine the next steps your organisation needs to take in order to comply with the accountability principle and to track your progress over time.

You can use this report to:

  • understand your current level of compliance;
  • record the next steps to take to improve your accountability; and
  • to communicate what you need from appropriate individuals in your organisation, such as senior management. For example, more resources or training.

You can also use our accountability tracker if you want to record more detail and track your progress over time.