This Data Protection Audit is designed to assist compliance with UK data
protection legislation, most notably the UK GDPR (the retained EU GDPR) and the Data Protection Act
This document takes account of best practice and guidance that has developed
since the original EU GDPR came into effect in May 2018. It was updated in 2020
to assist businesses in assessing risks and implementing new security
measures in light of the significant increase in home working due to the
2020 COVID-19 pandemic.
Detailed background information and guidance is provided in our Data
Protection Audit Guidance Notes, available
here. These are designed to be used in conjunction with this audit template and
to guide you through the audit, step by step, providing important
background information to each section in the audit.
The audit is structured around the core principles of the UK GDPR and the
rights of data subjects. It is designed to assess and evaluate data
protection practice and compliance within your business across a number of
This audit template contains a large number of questions and will require
some time to complete; however, please note that not all parts will be
relevant to all businesses. If a question does not apply to your business,
simply write “n/a” in response to it.
This document is also available in the
UK GDPR & Data Protection group.
The Data Protection Audit is divided into the following parts:
2. Data Protection by Design & Data Protection Impact Assessments
3. Staff Awareness and Training
6. Adequacy and Relevance
8. Data Transfers Abroad
9. Record Keeping
10. Data Retention and Deletion
11. Data Security
12. Data Breaches