Resources

Useful Information Governance Resources

Information Governance Resources

The table below provides easy access to current Information Governance and Cyber Security resources that you may find helpful. This includes guidance documents from national bodies and information governance organisations, links to relevant websites, presentations from events and access to legislation in this area.

If you have any resources you think others would find helpful please send these to contact@nigf.org.uk.

| Subject Area | Title | Description | Type | Created | Source |
| --- | --- | --- | --- | --- | --- |
| ISO27001 | ISO 27001 Information Security resources | BSI ISO/IEC 27001 Information Security resources | Website | Not Detailed | BSI Group |
| ISO27001 | ISO/IEC 27001 Information Security Management | The BSI (British Standards Institute) ISO27001 Overview | Website | Not Detailed | BSI Group |
| NIS | Network and Information Systems Regulations 2018 | The ICO Guide to the NIS Directive | Website | Not Detailed | ICO |
| NIS | NIS Directive and NIS Regulations 2018 | A Summary of the NIS Directive (Network and Information Systems) | Website | 2018 | GOV.UK |
| Legislation - IT Security | The Network and Information Systems Regulations 2018 | The NIS Directive Legislation | Website | 2018 | GOV.UK |
| NIS | NIS - Guidance for Competent Authorities | The NIS Guidance | Website | Not Detailed | GOV.UK |
| GDPR | Brexit Workshop Slides | Slides from the Evolve North Brexit and the Data Protection Challenge Workshop - January 2019 | Presentation | 2019 | Evolve North |
| Breach Management | Cyber Security Breaches Survey 2018 | Department for Digital, Culture, Media and Sport Cyber Security Breaches Survey 2018: Statistical Release | Report | 2018 | Department for Digital, Culture, Media and Sport |
| Breach Management | DPPC Breach Notification Slides | Slides from Data Protection Practitioners’ Conference 2018 on reporting breaches to the ICO | Presentation | 2018 | ICO |
| Breach Management | ICO Personal Data Breach Reporting Form | Form for reporting breaches to the ICO | Form | 2018 | ICO |
| Breach Management | NHS Digital DSP Incident Reporting Guidance | Guide to the Notification of Data Security and Protection Incidents | Guidance Doc | 2018 | NHS Digital |
| Breach Management | Guidelines on Personal data breach notification under Regulation 2016/679 | Guidance from the Article 29 Data Protection Working Party on breach notification | Guidance Doc | 2018 | Article 29 DP WP |
| Breach Management | ICO Breach Reporting | Guidance from ICO on when and how to report a data breach | Website | Not Detailed | ICO |
| Data Controllers/Processors | Data Controllers and Data Processors Guidance | Guidance from the ICO on determining data controller and data processor roles and responsibilities | Guidance Doc | 2014 | ICO |
| Data Controllers/Processors | Data Protection Fee Guide | A guide for data controllers on the Data Protection Fee | Guidance Doc | 2018 | ICO |
| GDPR | Data Controllers and Data Processors Checklist | To help determine whether you are a controller, a processor or a joint controller | Checklist | Not detailed | ICO |
| Data Controllers/Processors | ICO Controllers and Processors Guidance | General guidance from ICO on data controllers and processors | Website | Not Detailed | ICO |
| Data Protection by Design | Article 29 DPIA guidance | Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 | Guidance Doc | 2017 | Article 29 DP WP |
| Data Protection by Design | ICO DP by Design guidance | General guidance from ICO on Data Protection by Design | Website | Not Detailed | ICO |
| DPO | Article 29 DPO guidance | Guidelines from the Article 29 Data Protection Working Party on Data Protection Officers (‘DPOs’) | Guidance Doc | 2016 | Article 29 DP WP |
| International/Brexit | Adequacy Decisions | Information on Adequacy Decisions and how the EU determines if a non-EU country has an adequate level of data protection. | ICO | Not detailed | European Commission |
| International/Brexit | International Transfers | ICO guidance on making International Data Transfers and appropriate safeguards | Website | Not detailed | ICO |
| International/Brexit | ICO International Transfers Guidance | ICO guidance on making International Data Transfers and appropriate safeguards | Guidance Doc | 2018 | ICO |
| International/Brexit | Leaving the EU – six steps to take | ICO guidance on leaving the EU and key considerations for UK organisations | Guidance Doc | 2018 | ICO |
| Legislation - ePrivacy | ePrivacy Regulations 2002 | Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) | Legislation | 2002 | European Parliament and the Council of the European Union |
| Legislation - DP | EU Exit Regulations for Data Protection | Draft Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (PDF) | Legislation | 2019 | Secretary of State |
| GDPR | Freedom of Information Act 2000 | Freedom of Information Act 2000 (PDF) | Legislation | 2000 | Secretary of State |
| Legislation - DP | EU General Data Protection Regulation | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (PDF) | Legislation | 2016 | European Parliament and the Council of the European Union |
| Legislation - DP | Data Protection Act 2018 | UK Data Protection Act 2018 (PDF) | Legislation | 2018 | Secretary of State |
| Legitimate Interests | Data Protection Network Legitimate Interests Guidance | Guidance on the use of Legitimate Interests as a legal basis under the EU General Data Protection Regulation | Guidance Doc | 2018 | Data Protection Network |
| Legitimate Interests | ICO GDPR Lawful basis for processing - Legitimate interests Guidance | Guidance on the use of Legitimate Interests as a legal basis under the EU General Data Protection Regulation | Guidance Doc | 2018 | ICO |
| GDPR | ICO Legitimate Interests Assessment Template | Template for carrying out an assessment of legitimate interests against the interest, rights and freedoms of individuals. | Template | 2018 | ICO |
| Marketing/PECR | Direct Marketing Checklist | Direct marketing checklist and at-a-glance guide to marketing rules | Checklist | 2016 | ICO |
| Marketing/PECR | Direct Marketing Guidance | Guidance on direct marketing as influenced by the Data Protection Act and the Privacy and Electronic Communications Regulations | Guidance Doc | 2018 | ICO |
| Profiling | PECR Guidance | Guide to Privacy and Electronic Communications Regulations | Website | Not detailed | ICO |
| Profiling | Article 29 Working Party Automated Decision Making and Profiling | Guidelines on Automated individual decision-making and profiling for the purposes of Regulation 2016/679 | Guidance Doc | 2017 | Article 29 DP WP |
| International/Brexit | Data Protection Laws of the World | Map comparing the Data Protection laws across the world | Website | Not detailed | DLA Piper |
| ICO | ICO consultation on the draft framework code of practice for the use of personal data in political campaigning | The ICO is consulting on a new framework code of practice for the use of personal data in political campaigning | Website | 2019 | ICO |
| Data Security and Protection | Introducing the NIGF | Presentation from our inaugural NIGF event | Presentation | 2019 | NIGF |
| ICO | Certification Schemes/Codes of Conduct/Brexit | Presentation on a possible GDPR certification scheme/codes of conduct and an update on Brexit and data protection | Presentation | 2019 | Evolve North / NIGF |
