Skip to main content

How to apply DPUP to your current processes

Agencies can use these simple practices to understand how to weave the Data Protection and Use Policy (DPUP) into their current processes.

Include DPUP in your role

DPUP’s good-practice advice applies to 5 general job functions:

  • working at the front line
  • managing or leading the front line
  • working in funding, contracting or partnering
  • developing policies, services or programmes
  • working in analysis, research or evaluation.

Each job function usually has established connections with common organisational practices, such as privacy. For example, Privacy by Design, privacy impact assessments and privacy risk assessments.

These common practices are the best places to include DPUP Principles and Guidelines.

Assess your privacy capability and maturity

DPUP sits alongside the Privacy Maturity Assessment Framework (PMAF).

PMAF helps agencies understand their current level of privacy capability, assess their maturity in managing personal information, and identify where they can improve. It includes specific references to DPUP’s good-practice advice in relation to PMAF’s various criteria.

Privacy Maturity Assessment Framework (PMAF) and self-assessments

Evaluate your current processes

Use these tools to evaluate your agency’s current processes using DPUP.

Check your actions align with DPUP

This high-level, 1-page checklist helps you to focus on practical actions that align with DPUP’s advice.

Use it:

  • to plan or review a piece of work, such as an existing service, programme or new proposal
  • as a team or group to consider what DPUP can mean for your work or a project.

Check your actions align with DPUP

Understand the Principles in practice

This tool sets out a series of questions for each of DPUP’s 5 Principles to help you consider how to apply them in your work.

It has 2 versions:

  • a 1-page tool that sets out the questions.
  • a 6-page version with ‘capture’ pages for each of the Principles that can be used in a workshop or discussion to quickly identify ideas to align with DPUP.

Understand the DPUP Principles in practice

Writing purpose statements

Purpose statements explain why you want to collect or use people’s information. They are the starting point for privacy statements, consent forms, privacy impact assessments, partnering agreements and contracts.

These tools include:

  • how to write a purpose statement, explaining the key steps involved
  • examples of purpose statements
  • a simple checklist to cover off each of the key steps in building a good purpose statement
  • a template for writing your own purpose statement.

How to write a purpose statement

Transparency and Choice checklist

The Transparency and Choice Guideline explains the:

  • importance of ensuring people understand what’s happening with their information
  • rights they have to access and request corrections to it
  • importance of offering people choices when possible.

This 1-page checklist helps you check you’ve thought through each of the Guideline’s key ideas. You can adapt it to make sense for your work and your organisation.

Create transparency and choice

Align with the information life cycle

Understand the information life cycle and how DPUP’s good-practice advice fits into planning, collecting, using, concluding and sharing information when the project or activity is all about developing insights to inform new action — such as research, analysis insights.

How DPUP fits into the information life cycle

Apply DPUP to your work

This looks at DPUP’s guidance in relation to the 5 general roles where elements of DPUP will often be relevant. It summarises DPUP for each role and provides relevant tools and resources for people who.

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated