Personal Data Guardianship

The Information Security Awareness Forum BCS The Chartered Institute for IT The British Computer Society All organisations holding personal data have legal obligations under the Data Protection Act 1998 to ensure that it is managed well. Each organisation should appoint at least one senior level ’responsible person’ who is accountable for the purpose and manner in which personal data is collected, processed, stored and disposed of. Workers across an organisation, because of the nature of their roles, may also act as data handlers to manage personal data.