The client
AMADA UK is part of the AMADA Group, a global manufacturer of high-tech sheet metal machinery including laser cutters, press brakes, punch presses, automation systems and associated software. Founded in Japan in 1946, the company has over 70 years of experience and has operated in the UK for more than 50 years. AMADA UK supports a wide range of industrial customers across the UK and Ireland and forms part of a global network of around 90 companies serving thousands of clients worldwide.
What did they need?
AMADA UK approached DPAS seeking a consultancy who could thoroughly audit their organisation’s data protection compliance levels with the various legislation. As a business that serves a plethora of customers all across the country, AMADA UK needed the help of experts in data protection to ensure that their practices, policies, procedures and documentation all met the required standards and that the personal data of their customers and staff was adequately safeguarded.
How did we help?
We therefore carried out a structured data protection audit for AMADA UK to assess its compliance and identify areas for improvement. The process was divided into five distinct stages, each designed to build a comprehensive understanding of the organisation’s current position and risks.
- Pre-audit questionnaire: We began by sending AMADA UK a pre-audit questionnaire containing 17 targeted questions. This helped us gain an initial insight into AMADA UK’s existing compliance levels.
- Offsite checks: A high-level review of AMADA UK’s documented policies, procedures and IT systems was carried out offsite. This included reviewing:
- Records of Processing Activities (ROPA and/or Information Asset Register)
- Post-GDPR data protection policies (including policies on breaches, individual rights, and assessments)
- Training records and existing GDPR audit reports
- The data protection risk register
- DPO registration details and job description (if applicable)
- Data flow maps and data sharing agreements
- Risks and potential gaps were noted ahead of the onsite assessment.
- Onsite audit: We visited AMADA UK’s premises to engage directly with stakeholders using a structured audit tool aligned with the ICO’s audit framework. This allowed us to assess the organisation’s culture, practices, and operational controls, encouraging open dialogue to surface any compliance risks that may not have been evident on paper.
- Audit report: Following the onsite work, we delivered a comprehensive board-level report outlining our findings. The report detailed identified risks and provided actionable recommendations to address weaknesses in policy, procedure, and practice. It served as an independent assessment of AMADA UK’s compliance, reaffirming the company’s commitment to data protection and identifying opportunities for improvement.
- End-of-audit meeting: We concluded the audit with a meeting to present and discuss our findings. This session provided AMADA UK with the opportunity to review next steps, prioritise remedial actions based on its risk appetite, and consider options for ongoing support and service delivery.
The result
As a result of the audit, AMADA UK were provided with a pathway to strengthening data protection standards and practices, in line with legislative requirements. AMADA UK can now demonstrate their commitment to data protection and information security as a result of this audit, showcasing how they make safeguarding personal information a priority.
What the client had to say
“We instructed DPAS to undertake a comprehensive UK GDPR audit of our company, and we couldn’t have been more satisfied with the service provided. From the initial consultation to the final report, the team at DPAS have demonstrated an exceptional understanding of the intricacies of GDPR compliance throughout.
Subsequently, DPAS has continued to provide us with support in other services such as compliance projects and training. The thoroughness and professionalism of their team is exceptional.
We would highly recommend DPAS to any organisation seeking GDPR consultancy services.”
— Mark O’Brien, Head of Compliance, AMADA UK
