The global skills and competency framework for the digital world

Personal data protection PEDP

Implementing and operating a framework of controls and management strategies to promote compliance with personal data legislation.

Updates for SFIA 9

  • There is an updated version of this skill for SFIA 9.
  • Theme(s) influencing the updates for this skill: Application of SFIA skills for records management, Making SFIA easier to consume (enhance readability/guidance/descriptions), Making SFIA easier to consume (updates to skill name/skill description), Making SFIA easier to consume (new levels).
  • Skill renamed from Personal data protection to broaden scope and to aid understanding of the scope of this skill
  • New levels have been added at level 4.
  • Content and/or readability changes have been made to level 5.
  • You can move to SFIA 9 when you are ready - SFIA 8 skill descriptions will still be available to use.
  • Previous SFIA assessments or skills mapping are not impacted by this change.

Guidance notes

Includes legislation regulating the holding, use and disclosure of personal data.

Activities may include — but are not limited to:

  • providing expert advice on policies, procedures and governance
  • designing privacy-friendly products, services and systems that respect customer privacy and embed data protection
  • performing impact assessments,  identify risks whilst enabling prudent use of data and addressing issues with products and services
  • responding to incidents
  • following legislative developments
  • creating privacy risk models and frameworks
  • working with subject matter experts in areas such as — but not limited to — legal, public relations, learning and development, procurement, security, data management, architecture.

Levels of responsibility for this skill

5 6

Personal data protection: Levels 1-4

This skill is not typically observed or practiced at these levels of responsibility and accountability.

Personal data protection: Level 5

Contributes to the development of policy, standards and guidelines related to personal data legislation.

Provides expert advice and guidance on implementing personal data legislation controls in products, services and systems. Investigates major data breaches and recommends appropriate control improvements.

Creates and maintains an inventory of data that are subject to personal data legislation. Conducts risk assessments, business impact analysis for complex information systems and specifies any required changes.

Ensures that formal requests and complaints are dealt with according to approved procedures. Prepares and submits reports and registrations to relevant authorities.

Personal data protection: Level 6

Develops strategies for compliance with personal data legislation.

Ensures that the policy and standards for compliance with personal data legislation are fit for purpose, current and correctly implemented.

Acts as the organisation's contact for the regulatory authorities.

Operates as a focus for personal data legislation for the organisation, working with specialists to provide authoritative advice and guidance.

Personal data protection: Level 7

This skill is not typically observed or practiced at this level of responsibility and accountability.