Accountability is a key requirement in data protection. Under this principle a data controller must be able to demonstrate their compliance with the legislation. One way of doing this is to show that an organisation has implemented good data protection practices. However, in addition to this, being responsible and accountable means taking steps to continually review and monitor these measures. This provides assurance that data protections risks are being fully considered and a robust privacy framework is in place.
One of the steps school has taken is compiling and maintaining an Information Asset Register. This is a simple way to help School to understand and manage information assets and the risks to them.