TS-RDC-06 Trust & Stewardship Risk, Data & Compliance CORE Compliance v2.9.7

GDPR accountability & DPIA log

Assesses a systematic approach to GDPR compliance, ensuring all new or changed data processing activities are screened for risk, full Data Protection Impact Assessments (DPIAs) are conducted where required, and a formal log is maintained to demonstrate accountability. This rigorous oversight embodies the Islamic principle of muhasabah (accountability) and the imperative of sadd al-dhara'i (blocking the means to harm) by proactively identifying and mitigating risks to safeguard privacy.

Compliance 6
  • Documented Data Protection Policy
    Documentation Essential
  • Appointed DPO (where Art. 37 applies) or independent Data Protection Lead
    Governance Essential
  • Regular staff training on data handling and DPIA scenarios
    Training Essential
  • DPIA screening checklist for all new/changed processing
    Process Essential
  • Documented DPIA process (consultation, risk scoring, Art. 36 triggers)
    Process Essential
  • Comprehensive log of screenings/DPIAs with ROPA linkages
    Monitoring Essential
Good 2
  • Privacy Impact Assessments (PIAs) for all significant projects
    Excellence High
  • Annual board review of DPIA log
    Leadership High
Better 3
  • DPIA outcomes drive 'privacy by design' controls
    Operations High
  • Alignment with ICO Children's Code where applicable
    Compliance High
  • Quarterly lessons-learned reviews
    Continuous Improvement Medium

Discussion (1)

Administrator 2026-03-07 11:07:51.693135

📋 **Version updated: 1.0.0 → 2.9.7** **Changes:** Updated islamic_references from mizan-297.json
