How to apply DPUP to your current processes
Agencies can use these simple practices to understand how to weave the Data Protection and Use Policy (DPUP) into their current processes.
Include DPUP in your role
DPUP’s good-practice advice applies to 5 general job functions:
- working at the front line
- managing or leading the front line
- working in funding, contracting or partnering
- developing policies, services or programmes
- working in analysis, research or evaluation.
Each job function usually has established connections with common organisational practices, such as privacy. For example, Privacy by Design, privacy impact assessments and privacy risk assessments.
These common practices are the best places to include DPUP Principles and Guidelines.
Assess your privacy capability and maturity
DPUP sits alongside the Privacy Maturity Assessment Framework (PMAF).
PMAF helps agencies understand their current level of privacy capability, assess their maturity in managing personal information, and identify where they can improve. It includes specific references to DPUP’s good-practice advice in relation to PMAF’s various criteria.
Evaluate your current processes
Use these tools to evaluate your agency’s current processes using DPUP.
Check your actions align with DPUP
This high-level, 1-page checklist helps you to focus on practical actions that align with DPUP’s advice.
- to plan or review a piece of work, such as an existing service, programme or new proposal
- as a team or group to consider what DPUP can mean for your work or a project.
Understand the Principles in practice
This tool sets out a series of questions for each of DPUP’s 5 Principles to help you consider how to apply them in your work.
It has 2 versions:
- a 1-page tool that sets out the questions.
- a 6-page version with ‘capture’ pages for each of the Principles that can be used in a workshop or discussion to quickly identify ideas to align with DPUP.
Writing purpose statements
Purpose statements explain why you want to collect or use people’s information. They are the starting point for privacy statements, consent forms, privacy impact assessments, partnering agreements and contracts.
These tools include:
- how to write a purpose statement, explaining the key steps involved
- examples of purpose statements
- a simple checklist to cover off each of the key steps in building a good purpose statement
- a template for writing your own purpose statement.
Transparency and Choice checklist
The Transparency and Choice Guideline explains the:
- importance of ensuring people understand what’s happening with their information
- rights they have to access and request corrections to it
- importance of offering people choices when possible.
This 1-page checklist helps you check you’ve thought through each of the Guideline’s key ideas. You can adapt it to make sense for your work and your organisation.
Align with the information life cycle
Understand the information life cycle and how DPUP’s good-practice advice fits into planning, collecting, using, concluding and sharing information when the project or activity is all about developing insights to inform new action — such as research, analysis insights.
Apply DPUP to your work
This looks at DPUP’s guidance in relation to the 5 general roles where elements of DPUP will often be relevant. It summarises DPUP for each role and provides relevant tools and resources for people who.