A data protection audit is an excellent way to thoroughly assess your business' policies and procedures which it has in place to comply with the Data Protection Act.
Further, the audit is able to identify whether those procedures and policies are being implemented by the employees within the business. It is often the case that the data compliance officer within the business is not equipped to perform the audit and it makes sense from an economic and efficiency point of view to turn to our data protection solicitors at Pannone.
We understand that time and cost may impact on a decision to audit the whole business. Therefore we work to identify whether your whole business is responsible for collecting and processing personal data or whether the audit can be limited to particular departments or branches. In organisations where data processing is the same in several departments we can limit the extent of the audit to prevent duplication of results, in turn saving time and cost.
The following list is a broad outline of the issues considered in undertaking a data protection audit:
- classification of the group of individuals whose personal data is held
- identification of the type of personal data collected including "sensitive data"
- establishing how the personal data is collected and in what format
- establishing the purposes for which the personal data is collected
- identifying whether consent to the processing was obtained at point of collection
- ascertaining the relevance of the data to the purpose for which it is processed
- ascertaining where and for how long the data is held for and how it is kept accurate
- determining the procedures in place to ensure compliance with the subjects' rights
- considering the security measures in place to protect the personal data from unauthorised access
- ascertaining the extent of disclosures to third parties of the personal data
- identification of data processors and the contracts in place with them requiring compliance
- establishing whether data is being transferred outside of the EEA
Having collected the audit information our team of data protection solicitors will construct a comprehensive report to identify and evaluate where the business is falling short of compliance with the legislation. From this they will go on to produce advice on how to resolve any issues identified and how this advice can be implemented.
Data protection solicitors
To arrange a discussion with a data protection solicitor click here or call us on 0800 840 4929.
