Data Protection Audit Service
McClure Naismith’s Information Law team can carry out comprehensive data protection
compliance audits of your business. Our audits are designed to determine the extent
to which your organisation is complying with the Data Protection Act 1998 and identify
where remedial action is required. The results of the audit can then be assessed
and changes implemented to ensure ongoing compliance with the Act.
Our Approach
To help you understand what can be involved in a data protection audit, our approach
to auditing is based on the following methodology. This approach can be tailored
to meet your specific requirements and business needs. Just let us know what it
is you want.
Step 1: Scoping Exercise
We will agree with you the scope of the audit which you require. For example, you
may want us to review the practices of your entire organisation or you may prefer
to limit the audit to a single area, function or department.
Step 2: Audit Plan
Once we have agreed the scope of the audit exercise with you, we will send you an
Action Plan supported with a timetable.
Step 3: Pre-audit questionnaire
We will ask relevant personnel to complete and return a pre-audit questionnaire.
This will allow us to understand what personal information is held and used within
your organisation, by whom and for what purposes.
Step 4: Staff Interviews
We will talk to relevant individuals within your organisation (whether on a
one-to-one basis or in small groups) to assess their awareness, understanding and compliance
with your organisation’s data compliance processes, procedures and policies.
Step 5: Review of documentation
We will review relevant documentation and procedures (such as your Notification,
your Data Protection Policy, your Privacy Policy, data protection / privacy notices,
data protection clauses used in employee terms and conditions and terms used in
contracts with third parties, staff guidelines and in-house training materials).
Step 6: Compliance Report
We will provide you with a written report setting out our findings, identifying
areas of non-compliance and making good practice recommendations. We will meet with
you to report on and discuss our findings.
Step 7: Implementation of recommendations (Optional)
Should you so wish, we would be pleased to work with you to implement the recommendations
contained within our written report.
Want to find out more?
For further information on our Data Protection Audit Service please contact
David Gourlay on 0131 272 8377 or dgourlay@mcclurenaismith.com or
Euan Duncan on 0141 303 7814 or eduncan@mcclurenaismith.com. Once we understand
your requirements, we will be happy to provide a fee quote for delivering the
audit you require.
Other data protection services
Our Information Law team provides a range of practical and commercially oriented
legal advice on data protection matters, including Data Protection Training.