Data Protection Annual Compliance Checklist

The Information Compliance Office has developed a Data Protection Annual Compliance Checklist for University Faculties, Departments, Divisions and other Institutions.  The checklist sets out a number of practical ‘housekeeping’ actions to be completed on an annual basis by individual University departments to help ensure their ongoing compliance with data protection law.

Checklist for 2025-26

The Checklist exercise will not run in 2025-26.  Instead, relevant content has been integrated into the Head of Institution assurance statement exercise 2026 run by the Assurance team in the Governance and Compliance Division.  This content roughly correlates to the first three topics of the Checklist (training and guidance; Information Asset Register; records management) from previous years.

Departments wishing to review their data protection compliance more widely, or wishing to remind themselves of the wider suite of guidance resources, processes and tools to assist with the data protection aspects of their ongoing activities, can use the content in the 2024-25 Checklist that covers the remaining topics.  All such content remains valid.

This approach will be reviewed after the conclusion of the Head of Institution assurance statement exercise to determine future plans for  assurance in this area.

Past checklists

These past versions are retained for reference but should no longer be used.

• Data Protection Annual Compliance Checklist for 2020-21
• Data Protection Annual Compliance Checklist for 2021-22
• Data Protection Annual Compliance Checklist for 2022-23
• Data Protection Annual Compliance Checklist for 2023-24
• Data Protection Annual Compliance Checklist for 2024-25

Queries

Queries may be addressed to data.protection@admin.cam.ac.uk.