LET US HELP

BY CHECKING YOUR COMPLIANCE

YOUR COMPLIANCE
IS OUR BUSINESS:
AUDIT AND ASSURANCE

WHY DPAS FOR YOUR DATA PROTECTION AUDIT?

With close to 20 years of data protection experience, we formed the Data Privacy Advisory Service to provide organisations with a pragmatic approach to reviewing data protection. 

 

We are not your average compliance company, driven simply by numbers and ‘red-tape’. We care about the organisations we work with, and the data that they hold on customers and employees. It is important to us that the services and products we provide are useful, accurate and clear.

 

Having worked with a number of clients within different sectors, including the recruitment industry, we are able to provide a strong assessment of what best practice looks like and whether an organisation is operating within the parameters set out in the ICO’s (the regulator’s) guidelines. The tools which we have created are an efficient and effective way of moving towards compliance.

OVERVIEW OF OUR AUDIT

Our Data Protection Audit can assist in ensuring that all functions within an organisation are compliant in line with the General Data Protection Regulation (GDPR). The law requires you to demonstrate compliance and we have designed our audit product to mirror the one the regulator would use when you are being investigated for a data breach.

The audit and subsequent report can be used by your organisation to target your resources to key areas of compliance and data security.

The tools by which we audit are an effective way of collating information on key business processes, policies and systems and highlighting areas for improvement or where there may be issues within your organisation. The initial discovery consists of sectioning key functional business areas into a number of subsections – those which are audited by the ICO. These sections are then scored depending on the level of compliance currently achieved (these scores are weighted). From this discovery piece we can then provide you with a report containing the information collected and heat maps per organisational department. The heat maps and charts indicate the more urgent areas but will still list areas for improvement which are less high risk.

 

Both the heat maps and full report are beneficial in determining areas for focus and areas which are fully compliant. Dependent upon any gaps your organisation has, Data Privacy Advisory Service can provide further services around solutions and remediation plans where policies and procedures may be absent.

WHAT IS INCLUDED?

Audit Scope

The scope of the audit will be structured into the sections which the ICO has published as part of its official audit.

 

These are: 

  • Governance and accountability

  • Training and awareness

  • Records management

  • Security of personal data

  • Subject access and data portability

  • Data Sharing

  • Information Risk Assessment (DPIA) and Management

  • Direct Marketing

  • Freedom of Information (FOI)

 

Within each of these sections, we will pose several questions to your organisation including questions about the processes, capabilities, policies and systems that you have in place. The aim of the audit is to fully encompass all areas within an organisation and identify gaps. A full scope is necessary in order to provide an incremental approach towards complete compliance in terms of data protection. 

Audit Approach 

1. Phone Interviews

Interview key personnel to complete our Audit Compliance Tracker, to determine as a first stage the current level of compliance within the organisation and highlight immediate gaps.

2. Offsite Checks

Carry out an offsite high-level review of current documented procedures and policies and a list of systems in place. This is so that these can be discussed in full during the onsite assessment and initial risks can be identified beforehand.

3. Onsite assessment

 

During the audit, our tool will be completed by assessing the risk behind structured sections with relevant stakeholders – these mirror those which the Information Commissioner’s Office (ICO) would review during its own audit. As good data protection requires a culture to be adopted by an entire organisation, it is important that we assist in encouraging an ‘amnesty culture’ whilst onsite. Employees must be truthful in relaying current ways of working to guarantee that any risks can be identified and therefore remediation plans put in place.

4. Reporting

Once the onsite assessment is complete, we will produce an in-depth report highlighting all areas raised as a risk. This will additionally be translated into graphs and charts to highlight areas of higher risk and aid in prioritisation moving forward – each section will be scored by the weightings of the questions within the auditing tool. Dependent upon the risks found, DPAS can provide further support and services in moving towards 100% compliance against the report produced. The graphs and charts within the audit tool will allow a visual representation of your status of compliance as steps are put in place. For example, areas which were previously red and require ‘major work’ may turn to blue ‘compliant’ if the suggestions DPAS make are actioned.

BENEFITS

We understand that organisations don’t always have a significant amount of time or resource to ensure compliance across departments. The timescale of our audit is 2 days in total including an offsite review, onsite assessment and the completion of the final report. After the onsite data discovery, we can produce a high-level report of your current state of compliance and key steps for improvement. The improvements will be advised on a priority basis – depending on which are higher risk.

An audit may highlight several aspects where your organisation is not currently compliant in regard to handling personal data. Data protection issues and risks can be identified through the series of questions with key stakeholders during the onsite assessment. Each section within the audit will be rated through our risk matrix; these areas can then be prioritised dependent upon the risks. This allows for the audit report to be specifically tailored to your organisation in particular, rather than a generic ‘ways of improvement’ report.

In addition to highlighting areas for improvement, an audit can raise awareness across an organisation of the change in culture that is required for compliance with the GDPR and general information and cyber security. The knowledge gained from an audit can then be transferred across departments.

PRICE

0-9 Employees (Micro) - FROM £1,000 

10-49 Employees (Small) - FROM £2,000 

50-249 Employees (Medium) - FROM £3,500 

250+ Employees (Large) - POA 

Please note prices exclude VAT at 20% and expenses for onsite days

CONTACT US

Contact us and find out how our Data Protection services can benefit your company. Before filling in the form please ensure you have read and understood our privacy notice.

 

10 Oaktree Place, Marsh Barton, Exeter,

Devon EX2 8WA

info@dataprivacyadvisory.com

01392 914019


©2019 Data Privacy Advisory Service Ltd. ALL RIGHTS RESERVED

LONDON | DEVON | YORKSHIRE


Please note all information on this website is for your help and guidance. It should not be regarded as an authoritative or definitive statement of the law.