Data Protection Audit Template

Data Protection Audit

BS.DAT.AU.01A

Data protection law in the UK consists primarily of the UK GDPR and the Data Protection Act 2018. The UK GDPR is the retained EU GDPR, integrated into UK law by the European Union (Withdrawal) Act 2018. This document has been updated in line with the UK GDPR and is ready for use from the start of 2021.

It is important to ensure that you maintain compliance with data protection legislation. This includes regularly auditing your systems and performance to ensure that you are still doing the best job you can. This Audit is designed to assist in such data protection health checks.

This template takes account of best practice and guidance that has developed since the EU GDPR came into effect in May 2018. It was also updated in 2020 to assist businesses in assessing risks and implementing new security measures in light of the significant increase in home working due to the 2020 COVID-19 pandemic.

Detailed background information and guidance is available in our Data Protection Audit Guidance Notes. These are designed to be used in conjunction with this audit template and to guide you through the audit, step by step, providing important background information to each section.

The audit is structured around the core principles of the UK GDPR and the rights of data subjects. It is designed to assess and evaluate data protection practice and compliance within your business across a number of key areas.

This audit includes a large number of questions and will require some time to complete; however, please note that not all parts will be relevant to all businesses. If a question does not apply to your business, simply write “n/a” in response to it.

This document is also available in the IT & Software group.

The Data Protection Audit is divided into the following parts:

1. General
2. Data Protection by Design & Data Protection Impact Assessments
3. Staff Awareness and Training
4. Lawfulness
5. Fairness
6. Adequacy and Relevance
7. Accuracy
8. Data Transfers Abroad
9. Record Keeping
10. Data Retention and Deletion
11. Data Security
12. Data Breaches

Once you have purchased access to the appropriate document folder, click on the “Download Document” link below. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.
