Data Protection Audits
One of the key principles set out in the UK GDPR is the accountability principle. Article 5(2) of the UK GDPR states that “the controller shall be responsible for, and be able to demonstrate, compliance with [the principles] (‘accountability’).”
A data protection audit can be a valuable tool in complying with the accountability principle. It enables you to assess whether your organisation is following good data protection practice by examining the current state of play. Not only will an audit help you to determine the degree to which your current practices align with the requirements set down in the law, but it will also identify areas for improvement.
Document Templates Available
We offer an in-depth Data Protection Audit template and an accompanying set of Guidance Notes which are designed to work alongside the audit itself, providing background information and guidance for each section and question.
Our template Data Protection Audit is divided into the following sections, each of which contains a number of questions:
- Data Protection by Design & Data Protection Impact Assessments
- Staff Awareness and Training
- Adequacy and Relevance
- Data Transfers Abroad
- Record Keeping
- Data Retention and Deletion
- Data Security
- Data Breaches