Data Protection Audit
This Data Protection Audit is designed to assist compliance with UK data protection legislation, most notably the UK GDPR (the retained EU GDPR) and the Data Protection Act 2018.
This document takes account of best practice and guidance that has developed since the original EU GDPR came into effect in May 2018. It was updated in 2020 to assist businesses in assessing risks and implementing new security measures in light of the significant increase in home working due to the 2020 COVID-19 pandemic.
Detailed background information and guidance are available in our Data Protection Audit Guidance Notes. These are designed to be used in conjunction with this audit template and to guide you through the audit, step by step, providing important background information to each section in the audit.
The audit is structured around the core principles of the UK GDPR and the rights of data subjects. It is designed to assess and evaluate data protection practice and compliance within your business across a number of key areas.
This audit template contains a large number of questions and will require some time to complete; however, please note that not all parts will be relevant to all businesses. If a question does not apply to your business, simply write “n/a” in response to it.
This document is also available in the UK GDPR & Data Protection group.
The Data Protection Audit is divided into the following parts:
2. Data Protection by Design & Data Protection Impact Assessments
3. Staff Awareness and Training
6. Adequacy and Relevance
8. Data Transfers Abroad
9. Record Keeping
10. Data Retention and Deletion
11. Data Security
12. Data Breaches