The organisation must evaluate the project process and the resulting design, in order to ensure that it is compliant with the Data Protection Act. Unlike a privacy impact assessment (PIA), which is best commenced early in the project life-cycle, compliance checking is normally conducted later, once the design has reached a detailed stage.
Each participating organisation must evaluate the activities it will undertake as part of the resulting system or scheme, in order to ensure that it is compliant with the Data Protection Act.
A detailed template is provided in Appendix 2 to assist in checking the compliance of a design against the data protection principles. There is a further template in Appendix 3 to assess compliance with PECR. These templates are not comprehensive compliance tools in themselves, but they do point to the issues you need to address as part of your own organisation’s compliance checking procedures. They can be a useful starting point for developing in-house compliance checking procedures or for quality-assuring compliance tools your organisation already has in place.
To the extent that the design is not compliant with data protection law, it may be necessary to change the design prior to deployment, in order to achieve compliance.