Workplace Data Privacy Audits
The General Data Protection Regulation (GDPR) places greater emphasis on the documentation that data controllers must keep to demonstrate compliance. Businesses need to be clearer and more transparent about what data they process and how. The rules around this are changing and the consequences for getting it wrong are far greater.
The first step in getting to grips with this will be a data protection audit to understand where you might need to improve to comply with the GDPR.
The audit is tailored to your particular requirements, but will usually involve looking at the following:
- Whether relevant and appropriate data protection policies and procedures are in place
- What categories of data are processed by the organisation
- Whether privacy impact assessments will be needed for specific ‘high risk’ areas
- What Privacy Notices are in place
- Comprehension of data protection responsibility, knowledge and training
- How the organisation would deal with data subjects’ rights
- Practices surrounding data accuracy and retention
- Security of personal data
- The legal basis for cross-border data transfers, if applicable
- Data sharing with third parties
We can then help you assess where improvements need to be made or gaps need to be filled in order to be compliant with the GDPR.