Demonstrating Privacy Compliance
Including -- Privacy Self-Assessment
In response to the EU's directive
on Privacy and Data Protection, ICX (International Commerce
Exchange) has produced a Code of Conduct on the Protection
of Individuals with Regard to the Processing of Personal Data
and on the Free Movement of Such Data.
The Code of Conduct states:
"To ensure that the policies, processes
and procedures, introduced by an organisation to ensure
compliance with the requirements of the Directive, are effective
and are maintained to reflect changes within the organisation,
periodic audits must be carried out. An initial, in depth,
audit should be performed as a priority. Subsequent audits
should be carried out annually
The guidebook helps de-mystify the process
of providing privacy assurance. This is not an in-depth look
into the rules, regulations and details but an easy to use,
step by step process for demonstrating compliance with the
ICX Code of Conduct.
These guidelines are a template on which
to build an individual company plan to attain compliance through
self-assessment and verification auditing. How this is implemented
within an individual organisation is up to the organisation.
A company should develop their own operating conditions with
the help of these guidelines. They will then be in a position
with their local regulatory body (of their own country) to
seek advise that the measures they (plan to) take will comply
with local laws. Thus taking an organisation a long way towards
compliance and establishing "adequacy", but it cannot
be assumed to be the complete solution.
For a list of regulatory bodies in the European
countries, check the European Commission's website: Visit
So, for this guide to serve its purpose
a good working order could be for you
- read this guide
- look at your own business
- write your own operational policy or
- when in doubt, consult your local authority.
- What is data protection?
- Why is data protection needed?
- Demonstrating Privacy Compliance
- Self Assessment Questionnaire
- Quality requirements
- Duties and obligations
- International transfer of data
- Audits for compliance
out more about obtaining this guide