New Toolkit Fast Tracks The Path To Data Protection Act Compliance

The secure management of personal digital information is becoming a key challenge for organisations, and new UK legislation makes them liable to heavy fines if they commit serious breaches of the Data Protection Act (DPA). Compliance experts IT Governance have therefore launched a 'DPA Compliance Toolkit', which provides all the templates and tools organisations need to achieve compliance in the shortest possible time.

The secure management of personal digital information is becoming a key challenge for public and private sector organisations alike and, under the new Criminal Justice and Immigration Act, the UK's Information Commissioner is able to impose substantial fines on organisations that 'deliberately' or 'recklessly' commit serious breaches of the Data Protection Act (DPA). To help organisations comply with the requirements of the Act, IT Governance has launched a 'DPA Compliance Toolkit' that provides all the essential templates and tools, greatly simplifying and speeding up the task.

The 'DPA Compliance Toolkit' is an invaluable resource for data controllers and others charged with driving DPA compliance programmes. Its comprehensive contents include prepared policy documents, such as for data protection and access control; guidelines and procedures for tasks including data classification, disclosing data to a third party, and the secure disposal of removable storage media; employee materials, including an induction presentation and an acceptable use agreement; and a compliance audit checklist.

The potential cost to organisations of poor DPA compliance was recently demonstrated by the Financial Services Authority's imposition of a £980,000 fine upon Nationwide, and a £1.26 million fine upon Norwich Union, for failing to adequately protect personal data. The regime to be ushered in by the new Criminal Justice and Immigration Act will make such instances more common, once the Department of Justice has determined the level of fines in the coming months, and the first cases have begun to be heard later this year. Although calls for custodial sentences for offenders were narrowly defeated in Parliament, there is certain to be a much harsher fate awaiting organisations that transgress. The window to achieve DPA compliance is therefore small.

The need for effective DPA compliance that reaches throughout the organisation was revealed in IT Governance's recent report 'Data Breaches: Trends, Costs and Best Practices'. Its February 2008 survey of 130 technology and compliance professionals uncovered an apparent gulf between the DPA awareness of senior management and that of employees actually handling personal data. Eighty-two percent of organisations had introduced policies and procedures for protecting personal data, and over 80 percent had appointed a data controller or someone responsible for maintaining privacy; however, only 55 percent of employees handling personal data had been trained in their legal responsibilities in respect of this information.

Alan Calder, Chief Executive of IT Governance, commented,

"It is one thing to pay lip service to protecting personal data, and quite another to have a rigorous system in place for achieving DPA compliance. The fate awaiting companies that are lax over this is about to become very grim, with the Information Commissioner empowered under new legislation to impose significant fines. To meet the standards laid down in the Act, organisations need to have a comprehensive approach, and the DPA Compliance Toolkit provides all the elements that are needed. With the new DPA compliance regime coming into force in only a matter of months, organisations have absolutely no time to delay".

The 'DPA Compliance Toolkit' is priced at £79.95 and may be ordered for immediate despatch from


IT Governance Ltd is the one-stop shop for books, tools, training and consultancy for Governance, Risk Management and Compliance. It is a leading authority on data security and IT governance for business and the public sector. IT Governance is 'non-geek', approaching IT issues from a non-technology background and talking to management in its own language. Its customer base spans Europe, the Americas, the Middle East and Asia. More information is available at

