What is a DPA audit?
An audit provides an assessment of whether your organisation is following good data protection practice. Audits play a key role in helping organisations understand and meet their data protection obligations. The audit looks at whether you have effective policies and procedures in place and whether you are following them, and it includes recommendations from the ICO on how to improve.
What areas does an audit normally cover?
An audit can include all or some of the principles of the Data Protection Act (DPA). Examples of areas which may be covered in an audit include:
- data protection governance, and the structures, policies and procedures to ensure DPA compliance;
- the processes for managing both electronic and manual records containing personal data;
- the processes for responding to any request for personal data, including requests by individuals for copies of their data (subject access requests) as well as those made by third parties, and sharing agreements;
- the technical and organisational measures in place to ensure that there is adequate security over personal data held in manual or electronic form;
- the provision and monitoring of staff data protection training and the awareness of data protection
Where agreed with a public authority, the audit can include looking at handling requests made under the Freedom of Information Act. We agree a scope of work with you to make sure the audit is targeting the areas of most interest to both you and the ICO.