The ICO view on Black Box
Document Processing Procedures
ICO Correspondence below - (contact details have been omitted to protect the individuals right to privacy. However verification of the content below will be supplied if requested)
Case Reference Number ENQ0719284
Dear Mr Syers
Thank you for your further email of 5 March 2018 (attached for your reference).
You ask if I can provide a view on your procedures. Unfortunately, I can only provide general advice and am not in a position to endorse, approve or provide opinions on specific procedures.
However, from the information you have provided, it appears to be the case that you have a good understanding of your obligations when managing personal data. As you are aware, organisations must ensure they have appropriate security measures in place to keep personal data secure.
From the information you provide above, I can see that you have reviewed your practices and procedures with this in mind.
If you are satisfied that you have appropriate procedures in place to meet the requirements of the General Data Protection Regulation (GDPR), it is likely you will be meeting your obligations under the legislation.
Further information about the Information Commissioner's Office and the work we oversee can be found on our website, www.ico.org.uk.
Lead Case Officer
Information Commissioner's Office