Join us at our next event
Did you know you can sign up to join our next Northern Information Governance Forum event for free today? Click the link below to find out more.
Find out moreUseful Information Governance Resources
The table below provides easy access to current Information Governance and Cyber Security resources that you may find helpful. This includes guidance documents from national bodies and information governance organisations, links to relevant websites, presentations from events and access to legislation in this area.
If you have any resources you think others would find helpful please send these to contact@nigf.org.uk.
The table below can be sorted by column heading and opened by tapping on the specific resource listed. You can also use the search box to filter resources.
| Subject Area ▼▲ | Title ▼▲ | Description ▼▲ | Type ▼▲ | Created ▼▲ | Source ▼▲ |
|---|---|---|---|---|---|
| ISO27001 | ISO 27001 Information Security resources | BSI ISO/IEC 27001 Information Security resources | Website | Not Detailed | BSI Group |
| ISO27001 | ISO/IEC 27001 Information Security Management | The BSI (British Standards Institute) ISO27001 Overview | Website | Not Detailed | BSI Group |
| NIS | Network and Information Systems Regulations 2018 | The ICO Guide to the NIS Directive | Website | Not Detailed | ICO |
| NIS | NIS Directive and NIS Regulations 2018 | A Summary of the NIS Directive (Network and Information Systems) | Website | 2018 | GOV.UK |
| Legislation - IT Security | The Network and Information Systems Regulations 2018 | The NIS Directive Legislation | Website | 2018 | GOV.UK |
| NIS | NIS - Guidance for Competent Authorities | The NIS Guidance | Website | Not Detailed | GOV.UK |
| GDPR | Brexit Workshop Slides | Slides from the Evolve North Brexit and the Data Protection Challenge Workshop - January 2019 | Presentation | 2019 | Evolve North |
| Breach Management | Cyber Security Breaches Survey 2018 | Department for Digital, Culture, Media and Sport Cyber Security Breaches Survey 2018: Statistical Release | Report | 2018 | Department for Digital, Culture, Media and Sport |
| Breach Management | DPPC Breach Notification Slides | Slides from Data Protection Practitioners’ Conference 2018 on reporting breaches to the ICO | Presentation | 2018 | ICO |
| Breach Management | ICO Personal Data Breach Reporting Form | Form for reporting breaches to the ICO | Form | 2018 | ICO |
| Breach Management | NHS Digital DSP Incident Reporting Guidance | Guide to the Notification of Data Security and Protection Incidents | Guidance Doc | 2018 | NHS Digital |
| Breach Management | Guidelines on Personal data breach notification under Regulation 2016/679 | Guidance from the Article 29 Data Protection Working Party on breach notification | Guidance Doc | 2018 | Article 29 DP WP |
| Breach Management | ICO Breach Reporting | Guidance from ICO on when and how to report a data breach | Website | Not Detailed | ICO |
| Data Controllers/Processors | Data Controllers and Data Processors Guidance | Guidance from the ICO on determine data controller and data processor roles and responsibilities | Guidance Doc | 2014 | ICO |
| Data Controllers/Processors | Data Protection Fee Guide | A guide for data controllers on the Data Protection Fee | Guidance Doc | 2018 | ICO |
| GDPR | Data Controllers and Data Processors Checklist | To help determing whether you are a controller, a processor or a joint controller | Checklist | Not detailed | ICO |
| Data Controllers/Processors | ICO Controllers and Processors Guidance | General guidance from ICO on data controllers and processors | Website | Not Detailed | ICO |
| Data Protection by Design | Article 29 DPIA guidance | Guidelines on Data Protection Impact Assessment (DPIA) and determining whether processing is “likely to result in a high risk” for the purposes of Regulation 2016/679 | Guidance Doc | 2017 | Article 29 DP WP |
| Data Protection by Design | ICO DP by Design guidance | General guidance from ICO on Data Protection by Design | Website | Not Detailed | ICO |
| DPO | Article 29 DPO guidance | Guidelines from the Article 29 Data Protection Working Party on Data Protection Officers (‘DPOs’) | Guidance Doc | 2016 | Article 29 DP WP |
| International/Brexit | Adequacy Decisions | Information on Adequacy Decisions and how the EU determines if a non-EU country has an adequate level of data protection. | ICO | Not detailed | European Commission |
| International/Brexit | International Transfers | ICO guidance on making International Data Transfers and appropriate safeguards | Website | Not detailed | ICO |
| International/Brexit | ICO International Transfers Guidance | ICO guidance on making International Data Transfers and appropriate safeguards | Guidance Doc | 2018 | ICO |
| International/Brexit | Leaving the EU – six steps to take | ICO guidance on leaving the EU and key considerations for UK organisations | Guidance Doc | 2018 | ICO |
| Legislation - ePrivacy | ePrivacy Regulations 2002 | Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) | Legislation | 2002 | European Parliament and the Council of the European Union |
| Legislation - DP | EU Exit Regulations for Data Protection | Draft Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (PDF) | Legislation | 2019 | Secretary of State |
| GDPR | Freedom of Information Act 2000 | Freedom of Information Act 2000 (PDF) | Legislation | 2000 | Secretary of State |
| Legislation - DP | EU General Data Protection Regulation | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (PDF) | Legislation | 2016 | European Parliament and the Council of the European Union |
| Legislation - DP | Data Protection Act 2018 | UK Data Protection Act 2018 (PDF) | Legislation | 2018 | Secretary of State |
| Legitimate Interests | Data Protection Network Legitimate Interests Guidance | Guidance on the use of Legitimate Interests as a legal basis under the EU General Data Protection Regulation | Guidance Doc | 2018 | Data Protection Network |
| Legitimate Interests | ICO GDPR Lawful basis for processing - Legitimate interests Guidance | Guidance on the use of Legitimate Interests as a legal basis under the EU General Data Protection Regulation | Guidance Doc | 2018 | ICO |
| GDPR | ICO Legitimate Interests Assessment Template | Template for carrying out an assessment of legitimate interests against the interest, rights and freedoms of individuals. | Template | 2018 | ICO |
| Marketing/PECR | Direct Marketing Checklist | Direct marketing checklist and at-a-glance guide to marketing rules | Checklist | 2016 | ICO |
| Marketing/PECR | Direct Marketing Guidance | Guidance on direct marketing as influenced by the Data Protection Act and the Privacy and Electronic Communications Regulations | Guidance Doc | 2018 | ICO |
| Profiling | PECR Guidance | Guide to Privacy and Electronic Communications Regulations | Website | Not detailed | ICO |
| Profiling | Article 29 Working Party Automated Decision Making and Profiling | Guidelines on Automated individual decision-making and profiling for the purposes of Regulation 2016/679 | Guidance Doc | 2017 | Article 29 DP WP |
| International/Brexit | Data Protection Laws of the World | Map comparing the Data Protection laws across the world | Website | Not detailed | DLA Piper |
| ICO | ICO consultation on the draft framework code of practice for the use of personal data in political campaigning | The ICO is consulting on a new framework code of practice for the use of personal data in political campaigning | Website | 2019 | ICO |
| Data Security and Protection | Introducing the NIGF | Presentation from our inaugural NIGF event | Presentation | 2019 | NIGF |
| ICO | Certification Schemes/Codes of Conduct/Brexit | Presentation on a possible GDPR certification scheme/codes of conduct and an update on Brexit and data protection | Presentation | 2019 | Evolve North / NIGF |
Did you know you can sign up to join our next Northern Information Governance Forum event for free today? Click the link below to find out more.
Find out more