This guidance outlines recommendations and best practices for creating a data protection governance framework within an organisation. A data protection governance framework lays down the principles and procedures for the use of personal data within an organisation and governs the functions of a company’s data protection officer (DPO) or data protection office. In particular, it should serve as a reference point for the various procedures, roles and responsibilities within the company, to ensure accountability from the perspective of both staff and clients and instil privacy values throughout the organisation.