Data Protection Audit Guidance
Data protection law in the UK consists primarily of the UK GDPR and the Data Protection Act 2018. The UK GDPR is the retained EU GDPR, integrated into UK law by the European Union (Withdrawal) Act 2018. This document has been updated in line with the UK GDPR and is ready for use from the start of 2021. These Guidance Notes are designed to assist in compliance with that legislation.
The original EU GDPR, along with the Data Protection Act 2018, significantly modernised
data protection law, taking into account significant new developments in
technology and new uses of personal data that simply did not exist when the
Data Protection Act 1998 was written.
This document takes account of best practice and
guidance that has developed since the EU GDPR came into effect in May 2018. It was updated in 2020 to assist businesses in assessing risks and implementing new security
measures in light of the significant increase in home working due to the COVID-19 pandemic.
A data protection audit is a useful starting point in complying with the
UK’s data protection legislation and being able to demonstrate that
compliance. The audit enables you to determine the degree to which your
current practices align with the requirements set down in the law, and,
even more importantly, to identify areas for improvement.
These Guidance Notes are designed to be used in conjunction with our Data
Protection Audit template, available
here, and provide important background information to each section in the
This document is also available in the
UK GDPR & Data Protection group.