data protection audit
DATA PROTECTION AUDIT AND REPORT
Our Data Protection Audit can help to ensure that all functions within your organisation are compliant in line with the General Data Protection Regulation (GDPR), Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act 2018.
The law requires you to demonstrate compliance, and a yearly audit is the perfect way to display that your organisation puts data protection at the forefront of its practices.
The audit will determine whether your controls, policies and procedures meet the requirements of the law. If there are gaps, the audit will also show how you can remediate them.
All of our auditors have a huge variety of industry experience including: Healthcare, Housing, Local Government, Councils, Ambulance Services, Retail, Recruitment, Utilities, Finance, Legal, Real Estate and more.
At DPAS we won’t just complete the audit and provide you with a report. We will work with you to design a project plan, so you can address any gaps confidently and mitigate risks.
PEACE OF MIND
Our audit and assurance tools are designed in line with the scope of the regulators audit. Therefore, you can be sure we have every area covered.
HERE WHEN YOU NEED US
You can call on us at any time after the audit has been completed to ask questions or for advice. We will help you every step of the way.
The scope of the audit will be structured into various sections. These are:
- Governance and accountability
- Training and awareness
- Records management
- Security of personal data
- Subject Access Requests and Individuals’ Rights
- Data Sharing
- Information Risk Assessment (DPIA) and Management
- Direct Marketing
- Freedom of Information (FOI)(where applicable)
Within each of these sections, we will pose a variety of questions to your organisation including questions about the processes, capabilities, policies and systems that you have in place. The aim of the audit is to fully encompass all areas within an organisation and identify gaps. A full scope is necessary in order to provide an incremental approach towards complete compliance in terms of data protection.