- Introduction
- Framework
- Overview
- Planning the PIA Process
- Conducting the PIA process
Part V– Data Protection Act Compliance Checking
Data Protection Act compliance check
The organisation must ensure that the project, and the personal data that it handles, and its business activities, are compliant with:
- the Data Protection Act in general
- the Data Protection Principles
- the interpretations of the Principles
This is not a recommendation of this Handbook, but a requirement of law.
Compliance checking
The organisation must evaluate the project process and the resulting design, in order to ensure that it is compliant with the Data Protection Act. Unlike a PIA, which is best commenced early in the project life-cycle, compliance checking is normally conducted later, once the design has reached a detailed stage.
Each participating organisation must evaluate the activities it will undertake as part of the resulting system or scheme, in order to ensure that it is compliant with the Data Protection Act.
A detailed template (in Word format) is provided to assist in checking the compliance of a design against the Data Protection Principles.
Deferral of implementation and design adaptation
To the extent that the design is not compliant, it would be illegal to deploy the new or adapted system or scheme. It will be necessary to change the design prior to deployment, in order to achieve compliance.