Legislative requirements

To help you to understand the law and good practice as clearly as possible, this guidance says what organisations must, should, and could do to comply.

Must refers to:

  • legislative requirements within our remit; or
  • established case law (for the laws that we regulate) that is binding.

Good practice

  • Should does not refer to a legislative requirement, but what we expect you to do to comply effectively with the law. We expect you to do this unless there is a good reason not to. If you choose to take a different approach, you need to be able to demonstrate that this approach also complies with the law.
  • Could refers to an option or example that you may consider to help you to comply effectively. There are likely to be various other ways for you to comply.

Associations or other bodies develop codes of conduct to provide specific guidelines for data protection issues that are important to their members. They help organisations comply with data protection law, building public trust and confidence in their ability to do so. Code owners are responsible for developing and submitting a code of conduct to us for approval.