DPAS have had a very busy few weeks completing data protection audits for clients, old and new.
The driver is that customers come to us asking for an audit because they are being asked to demonstrate their compliance by their customers as part of a contractual due diligence process. Most have said that the customers they are working with have asked for proof that they are adhering to the new legislation.
Many discussions have taken place with clients old and new explaining that GDPR voluntary certification is months away and information security standards such as ISO27001 already exist, still, clients want validation of their work to date and an analysis of the work still to be done. So to meet this demand we produced a validation audit of the work done to demonstrate compliance.
To bridge this gap, we have used our team of skilled data protection practitioners, DPOs and ISO27001 auditors, to put together a ‘DPAS’ audit, report and completion of audit award to enable organisations to demonstrate their current level of activity. Some clients like to share this with customers, employees and suppliers.
The resulting audit report is used by organisations to target limited resources to key areas of compliance and data security to ensure that you are protecting data in line with the GDPR, Data Protection Act 2018, PECR et al.
The tools by which we audit are an effective way of collating information on; key business processes, policies and systems and highlighting areas of good practice, areas of improvement and areas of compliance risk within your organisation.
The initial audit discovery comprises reviewing key functional business areas. These areas are then scored depending on the level of compliance currently achieved (these scores are weighted). Following that process, we produce this report which analyses the information collected to produce heat maps, before detailing the level of compliance within each organisational department.
Both the heat maps and full report are beneficial in determining areas for focus, areas of risk and areas of good practice.
The report is independent assurance of the extent to which your organisation, within the scope of this agreed audit, is complying with the current data protection legislation. Dependent upon any gaps your organisation has, Data Privacy Advisory Service can provide further services around solutions and remediation plans where policies and procedures may be absent and
Here are some snapshots from our report:
If you are interested in talking to one of our auditors, or consultants about arranging an onsite audit, please get in touch on 01392 9140919 or email firstname.lastname@example.org.