Data Protection Audit Guidance
26 November 2023 Update: This document has been reviewed and updated for compatibility with the UK-US Data Bridge and other “partial findings of adequacy” relating to specific organisations, legislation, and frameworks.
Data protection law in the UK consists primarily of the UK GDPR and the Data Protection Act 2018. These Guidance Notes are designed to assist in compliance with that legislation.
The original EU GDPR, along with the Data Protection Act 2018, significantly modernised data protection law, taking into account significant new developments in technology and new uses of personal data that simply did not exist when the Data Protection Act 1998 was written.
This document takes account of best practice and guidance that has developed since the EU GDPR came into effect in May 2018. It was updated in 2020 to assist businesses in assessing risks and implementing new security measures in light of the significant increase in home working due to the COVID-19 pandemic.
A data protection audit is a useful starting point in complying with the UK’s data protection legislation and being able to demonstrate that compliance. The audit enables you to determine the degree to which your current practices align with the requirements set down in the law, and, even more importantly, to identify areas for improvement.
These Guidance Notes are designed to be used in conjunction with our Data Protection Audit template, available here, and provide important background information to each section in the audit.
This document is also available in the UK GDPR & Data Protection group.