Search

How can we help?

Privacy and Data Protection

Audits

 

Audits help organisations to understand and meet their data protection obligations. The audit will check the effectiveness of controls in place and look at the suitability of your policies and procedures.

Our lawyers can conduct a full compliance privacy health check of your business including a review of any technical and organisational measures employed, providing clear and practical recommendations.

“Very professional, knowledgeable and accessible lawyers.” 

Chambers and Partners

FAQs – Audits

A data protection audit assists a business in understanding what personal data the organisation collects and processes. It is carried out to ascertain if the organisation is compliant with the data protection laws and it will usually assess the organisation’s procedures, systems, records and activities.

In order to:

  • Make sure the appropriate policies and procedures are in place.
  • Confirm if those policies and procedures are being followed and enforced.
  • Evaluate the effectiveness of existing controls.
  • Identity actual or suspected breaches of compliance.
  • Suggest any necessary improvement to control, policies and procedures.

The UK GDPR includes an accountability principle which requires a controller to demonstrate compliance with the data protection principles of the UK GDPR. An audit is one of the ways in which a controller can demonstrate accountability. Although the UK GDPR does not directly apply to processors, both controllers and processors have compliance obligations and an audit is one of the ways which can demonstrate compliance.

This depends on the size and complexity of the organisation. At minimum, a data protection audit should be performed once each year. If there are several areas that need to be improved, you should consider working on those areas more regularly until the organisation is confident that it is compliant with the data protection regulation.

In summary, the data protection audit is likely to cover governance and accountability; security measures in place; whether data is transferred outside the UK and arrangements for such transfers; and whether there are procedures for data subjects’ rights, amongst other areas. The nature of the audit will depend on the specific organisation and method of audit.

If the organisation has a data protection officer (DPO), they will likely oversee the audit. If the organisation has no DPO or Compliance Manager, then the business must select an auditor. The auditor will then decide whether to use a customised questionnaire audit or conduct a personal interview or a blend of both methods.

Key contacts

Read, listen and watch our latest insights

Pub
  • 26 March 2024
  • Privacy and Data Protection

AI Podcast: AI and Data Security

In the third and final podcast in our ‘AI Podcast’ trilogy, members of the data protection team, will be discussing how to use AI to process data safely. They will be looking closely at the risks for businesses and the types of data security protections you can put in place.

art
  • 26 March 2024
  • Privacy and Data Protection

Key considerations for data retention policies

In the ever-evolving landscape of data protection regulations, data retention stands as a crucial aspect of compliance and risk management for organisations across industries.

art
  • 18 March 2024
  • Privacy and Data Protection

Consent or pay: Issues and considerations, Meta’s potential breach

The ICO has stated that any organisation considering using “consent or pay” must ensure that the consent to processing of personal data for personalised advertising is being given freely, and is fully informed.

art
  • 13 March 2024
  • Privacy and Data Protection

21 March 2024 Deadline: Are your international data transfer agreements compliant?

If your organisation transfers personal data from the UK to another country, it needs to comply with statutory requirements to ensure adequate levels of protection for that data are in place.

art
  • 06 March 2024
  • Privacy and Data Protection

Personal Data Breaches – How do I deal with them?

This article will provide an overview of the steps to take when experiencing a personal data breach.

Pub
  • 05 March 2024
  • Privacy and Data Protection

How do I protect my business in the event of a personal data breach?

Don’t let your business fall victim to personal data breaches. Join Louise Keenan and Rebecca Dowle, for a quick overview of how to protect your business.