Data Protection Audit Legal Services for Businesses
We conduct data audits to improve your organisation’s data protection compliance with current UK data protection guidance and best practice.
How does it work?
We will assess your organisation’s data protection framework and identify any areas of non-compliance or improvement, before moving on to any additional ‘best practice’ work.
As a starting point, we would review or create a map or Record of Processing Activities (“ROPA”), which maps and records an organisation’s processing of personal data.
To do this, we either conduct interviews with various staff members in an organisation who handle personal data on a regular basis or support you to undertake that process yourself.
The information gathered in the interviews is then collated into one spreadsheet. After this, we identify which mandatory documentation needs updating and/or implementing before proceeding with any additional work that is considered good practice.
However, each audit is bespoke to each business, ensuring you get exactly the support you need.
What does the data audit include?
- Website and customer privacy notice (including cookies).
- Employee privacy notice.
- Data protection policy.
- CCTV policy (if CCTV is used on premises).
- Personal data breach policy/procedure.
- Data retention and deletion policy.
- IT and communications systems/BYOD policy.
- Subject access request policy/step-by-step guide.
- Record of processing activities (if you have over 250 staff and/or collect any special category data).
- Record of personal data breaches.
- Record of subject access requests.
- Record of CCTV disclosures.
- Record of DPIAs.
- Record of LIAs.
- Record of consents.
- Legitimate interest assessment.
- Data protection impact assessment.
- Review data sharing/processing agreements.
- Website health check.
- Data protection training.