Data Protection audit / risk assessment service

Audit approach

DPA contains a provision giving the National data protection authority power to assess any organisation’s processing of personal data for the following of ‘good practice’, with the agreement of the data controller. Good practice is defined in the DPA as practices for processing personal data which appear to be desirable. This includes, but is not limited to, compliance with the requirements of the DPA. This is known as a consensual audit.

The benefits of a consensual audit include:

  • helping to raise awareness of data protection;
  • showing an organisation’s commitment to, and recognition of, theimportance of data protection;
  • the opportunity to use our  resources at no expense;
  • independent assurance of data protection policies and practices;
  • identification of data protection risks and practical, pragmatic,organisational specific recommendations; and
  • the sharing of knowledge with trained, experienced, qualified staffand an improved working relationship with the DPAThe focus of the audit is to determine whether the organisation has implemented policies and procedures to regulate the processing of personal data and that processing is carried out in accordance with such policies and procedures. When an organisation complies with its requirements, it is effectively identifying and controlling risks to prevent breaching the DPA.

    An audit will typically assess the organisation’s procedures, systems, records and activities in order to:

  • ensure the appropriate policies and procedures are in place;
  • verify that those policies and procedures are being followed;
  • test the adequacy controls in place;
  • detect breaches or potential breaches of compliance; and
  • recommend any indicated changes in control, policy and procedure.

    The scope will be agreed prior to the audit and in consultation with the organisation. It will take into account both generic data protection issues as well as any organisation specific concerns about data protection policies and procedures. It will also identify relevant data protection risks within organisations.

    If you need a quote please contact us.