The ICO view on Black Box

Document Processing Procedures

ICO Correspondence below - (contact details have been omitted to protect the individuals right to privacy. However verification of the content below will be supplied if requested)

Case Reference Number ENQ0719284


Dear Sirs 

Thank you for your further email of 5 March 2018 (attached for your reference).


You ask if I can provide a view on your procedures. Unfortunately, I can only provide general advice and am not in a position to endorse, approve or provide opinions on specific procedures.


However, from the information you have provided, it appears to be the case that you have a good understanding of your obligations when managing personal data. As you are aware, organisations must ensure they have appropriate security measures in place to keep personal data secure.


From the information you provide above, I can see that you have reviewed your practices and procedures with this in mind.  

If you are satisfied that you have appropriate procedures in place to meet the requirements of the General Data Protection Regulation (GDPR), it is likely you will be meeting your obligations under the legislation.


Further information about these requirements can also be found in the Guide to the GDPR on our website,   I hope this information is helpful to you.

Further information about the Information Commissioner's Office and the work we oversee can be found on our website,

Yours sincerely

Lead Case Officer

Information Commissioner's Office