Data Protection Audit Guidance
Data protection law in the UK consists primarily of the UK GDPR and the Data Protection Act 2018. The UK GDPR is the retained EU GDPR, integrated into UK law by the European Union (Withdrawal) Act 2018. This document has been updated in line with the UK GDPR and is ready for use from the start of 2021. These Guidance Notes are designed to assist in compliance with that legislation.
The original EU GDPR, along with the Data Protection Act 2018, significantly modernised data protection law, taking into account significant new developments in technology and new uses of personal data that simply did not exist when the Data Protection Act 1998 was written.
This document takes account of best practice and guidance that has developed since the EU GDPR came into effect in May 2018 and was updated in 2020 to assist businesses in assessing risks and implementing new security measures in light of the significant increase in home working due to the COVID-19 pandemic.
A data protection audit is a useful starting point in complying with the UK’s data protection legislation and being able to demonstrate that compliance. The audit enables you to determine the degree to which your current practices align with the requirements set down in the law, and, even more importantly, to identify areas for improvement.
These Guidance Notes are designed to be used in conjunction with our Data Protection Audit template, available here, and provide important background information to each section in the audit.
This document is also available in the UK GDPR & Data Protection group.
Once you have purchased access to the appropriate document folder click on the “Download Document” link below. You will be asked what you want to do with the file. It is recommended that you save the document to a location of your choice prior to viewing.