1.1. The organisation has a framework to support the lawful, fair and transparent use of data

1.2. Individual rights are respected and supported

1.3. Accountability and governance in place for data security and cyber security

1.4. Records are maintained appropriately

1.5. Personal information is used and shared lawfully

1.6. The use of personal information is subject to data protection by design and by default

1.7. Effective data quality controls are in place and records are maintained appropriately

1.8. There is a clear understanding and management of the identified and significant risks to sensitive information and services