Information Commissioner's Office
Blog: A day in the life of the ICO’s information management team
“It’s important to remember the people behind the information.”
It can be easy to forget that the ICO isn’t just the regulator of data protection – we’re a data controller too! I lead a team that’s responsible for managing the ICO’s compliance. That includes meeting the requirements of the accountability principle – put simply, making sure we have appropriate measures in place and that we can demonstrate how we’ve met them
What’s the best part of your role?
Information management is really about people.
Firstly, my team needs to work with people across the organisation to find out what their priorities are, how they work and what they need from us.
Secondly, we must always remember that each piece of personal data we store belongs to a real person. There’s a human behind the data we handle.
That’s why it’s so important for us to assess our processes and ensure we are getting our transparency obligations right.
Like lots of other organisations, we used the ICO’s online Accountability Framework to review our systems and put in place a plan to highlight what information we needed, when we needed it and who we should be talking to.
What are the biggest challenges in your role?
As our organisation grows it can be difficult to maintain important connections with people who work here and to stay on top of their programmes. That’s why we’ve established a community of local information management officers across the ICO who meet regularly. We use their feedback to make our processes easier for staff to understand and use.
One thing you wish you’d known at the start of your role?
Accountability can seem overwhelming. It’s more than just ticking boxes and is about embedding a positive, proactive culture in your organisation. But when you break it down, it’s a lot easier to manage. I tackled it by focussing on two key elements: putting appropriate measures in place and then demonstrating how we comply with those measures.
The Accountability Framework was invaluable. The tools and priority areas really helped to structure my approach and meant I could focus on working and hearing from teams within the organisation. I frequently go back to the tool and my initial assessment to see how we have developed and where we can still improve.
Learn more about the Accountability Framework
The Accountability Framework is a tool designed to help data protection professionals manage their accountability obligations. It uses a risk-based approach meaning it can be adapted for organisations of all sizes. We know that when building a data protection framework a one size fits all approach isn’t possible. And so we’ve added case studies from a variety of organisations to give you ideas of the various ways you can demonstrate your accountability in practice.
See case studies from Macmillan Cancer Support, Newry Mourne and Down District Council, the Office of Intercollegiate Services at the University of Cambridge and the Department for Environment, Food and Rural Affairs.
We’d like to thank the organisations for taking the time to explain their approaches to us.
Iman El Mehdawy is a Group Manager in the ICO's Information Management department. The team provides support and advice to ensure that information management and privacy are embedded into ICO systems and processes.
Latest News from
Information Commissioner's Office
Blog: What does equality of access really mean when developing a career with a visual impairment?19/05/2022 12:25:00
On Global Accessibility Awareness Day, Paul Arnold, ICO Deputy Chief Executive and Chief Operating Officer shares his story.
ICO response to Channel 4 ‘Inside the Metaverse’ documentary29/04/2022 12:25:00
A recent C4 Dispatches – Inside the Metaverse looked at the metaverse and how the platforms enforce against users that act inappropriately.
Conclusion of ICO investigation into unauthorised disclosure of CCTV footage from DHSC – 19 April 202220/04/2022 12:25:00
The ICO found insufficient evidence to prosecute two people suspected of unlawfully obtaining and disclosing CCTV footage from the Department for Health and Social Care (DHSC).
Statement following conclusion of ICO investigation into unauthorised disclosure of CCTV footage from DHSC13/04/2022 16:20:00
The Information Commissioner’s Office (ICO) has found insufficient evidence to prosecute two people suspected of unlawfully obtaining and disclosing CCTV footage from the Department for Health and Social Care (DHSC).
Children's privacy and international collaboration12/04/2022 15:20:00
John Edwards, UK Information Commissioner, is in Washington DC this week to meet with regulators, civil society, lawmakers and tech companies, as well as present the work of the ICO at the IAPP Global Privacy Summit.
Blog: Why protecting children online in UK living rooms starts 5,000 miles away12/04/2022 09:10:00
Blog posted by: John Edwards, UK Information Commissioner, 11 April 2022.
Statement in response to open Democracy's letter08/04/2022 12:25:00
openDemocracy has issued an open letter about the Freedom of Information Act.
John Edwards article in Civil Service World – 5 April 202207/04/2022 12:25:00
Civil Service World have published an article by John Edwards, in which he discusses what he’s learned so far from his listening tour, and offers reassurance about the service that the ICO is looking to give to people and businesses.