skip to main content
shutterstock 2153884561 2

Data Protection Audit for Businesses

Audits tailored to your business to ensure you’re always on top of your data compliance.

Data Protection Audit for Businesses

We conduct data audits to improve your organisation’s data protection compliance with current UK data protection guidance and best practice. 

How does it work?

We will assess your organisation’s data protection framework and identify any areas of non-compliance or improvement, before moving on to any additional ‘best practice’ work.

As a starting point, we would review or create a map or Record of Processing Activities (“ROPA”) which maps and records an organisation’s processing of personal data.

To do this, we either conduct interviews with various staff members in an organisation who handle personal data on a regular basis or support you to undertake that process yourself.

The results of the interviews are then used to collate the information into one spreadsheet. After this, we identify what mandatory documentation needs updating and/or implementing before proceeding with any additional work which is considered good practice.

However, each audit is bespoke to each business, ensuring you get exactly the right support you need.


What does the data audit include?

  • Website and customer privacy notice (including cookies).
  • Employee privacy notice.
  • Data protection policy.
  • CCTV policy (if CCTV used on premises).
  • Personal data breach policy/procedure.
  • Data retention and deletion policy.
  • IT and communications systems/BYOD policy.
  • Subject access request policy/step-by-step guide.
Records and logs
  • Record of processing activities (over 250 staff and/or if you collect any special category data).
  • Record of personal data breaches.
  • Record of subject access requests.
  • Record of CCTV disclosures.
  • Record of DPIAs.
  • Record of LIAs.
  • Record of consents.
Additional data protection framework areas
  • Legitimate interest assessment.
  • Data protection impact assessment.
  • Review data sharing/processing agreements.
  • Website health check.
  • Data protection training.

Key Contact

alex craig
Partner and Head of the Commercial team
Legal Commentary

Also in Data Protection & Information Law

Our specialist team can help you succeed
We're based in Newcastle upon Tyne, but our people live across the North East and Cumbria, helping clients nationwide. Get in touch today and see how we make a difference.
Contact us

Contact the legal specialists

Let's get started - get in touch today and we'll put you on the right track.