Data Protection audits and healthchecks deliver an effective assessment of personal data compliance and security. Each is tailored to the needs of the business and may be enterprise-wide, or limited to defined areas of interest such as Marketing, HR, Information Security, Data Operations, Call Centres and so on.
Assess your Data Protection Compliance
The first stage in any audit or healthcheck is to identify and map the flows of data into, within and outside the organisation. Further detailed evaluation and a gap analysis may be undertaken if required. Data Compliant’s data protection audits may include all or some of the elements below:
- Purpose: Defining purpose for each of the processes for which your data is collected
- Legal Basis: Assessing legal basis for processing the data
- Principles: Assessing your level of compliance against the six data protection Principles
- Accountability: Assessing your compliance with good Governance, Record-Keeping and an Accountability Framework
- Subject Rights: Assessing your ability to meet enhanced data subject rights
- Transparency: Analysing your privacy notices and permission statements
- Third Parties: Considering your third-party data relationships and data agreements
- Awareness and Training: Evaluating level of staff awareness and ongoing training
- Policies and Processes: Reviewing data protection policy and process documentation
A written report, tailored to your individual requirements, will highlight areas of concern and identify issues needing further investigation or remedial action. The gap analysis and risk assessment document will include:
- Areas of non-compliance or risk
- Risk mitigation advice
- Risk mitigation prioritisation
Implementation
Data Compliant will assist with the implementation of mitigation advice provided, if and as required by the organisation.