In the spirit of creating new and snazzy guides to encourage a better standard of compliance, the Personal Data Protection Commission has released new guides:

1. Guide to Developing a Data Protection Management Programme
2. Guide to Data Protection Impact Assessments

A lot of effort probably went into this, complete with diagrams and schemas. Do give it a read!

I think there’s an Easter Egg in the Guide to Developing a Data Protection Management Programme — at the last page, you would find a section titled “Validate the [Data Protection Management Programme]” which encourages you to get your Data Protection programmes validated externally and apply for certification. It does not actually tell you how to do it and who actually does it (and as far as I am aware no such thing actually exists), but I have heard that the PDPC is thinking of developing a programme to certify companies who have good data protection programmes in place. Certification would promote trust in customers and provide a competitive advantage in an environment where it is not possible for someone to tell who actually walks the talk of data protection. This is a space to watch!