A Data Protection GDPR Audit will look at your current arrangement against the Six Data Protection Principles, in preparation for GDPR.
PII and Processing Activity
Our auditors will use interviews with key staff and your Data Flow Audit (if available) to determine the type of PII used by the organisation, and evaluate a lawful basis for processing that data.
Policy & Documentation
Core and advisable documentation will also be reviewed for suitability, including:
- Data Subject Access Request Procedures
- Rectification and Erasure Procedures (Right to be Forgotten)
- Data Processing Agreements.
Privacy by Design & DPIA
Your ability to build privacy into the design of systems and processes will be evaluated, along with any required Data Protection Impact Assessments.
Data Protection Controls
The audit will also sample the steps you are taking to protect data, in line with principle 6.
However, for a more comprehensive information security framework or audit programme, consider ISO 27001. Find out more about ISO 27001.
Arrange a Data Protection Audit
Our data protection audits are conducted by experienced consultants who have helped organisations comply with the current Data Protection Legislation, and prepared extensively for GDPR and the UK Data Protection Bill.
Our audits are currently based on accepted best practices and the limited amount of guidance currently available from the ICO. You should note that until the Data Protection Bill has passed in the UK Parliament, no one can be entirely sure of the legislative requirement, nor how the ICO intends to enforce it. We will be updating customers as things become clearer.
While a data flow audit is not required, it is advisable, as this helps to focus the data protection audits more accurately.