Understanding Compliance Audits
Making The Most Of Your Data Protection Audits
As always, we kicked off this week’s episode of the Data Protection Made Easy Podcast by discussing the news of the week and sharing our views and opinions. We had quite a lot to talk about in this week’s news section, but we cut it short because we had a special appearance from one of our founders, Phil Brining, who is the main auditor here at DPP. It’s the first time Phil has been on the podcast in over three months, and he was welcomed back with open arms: tonnes of engagement in the chat, and plenty of links and free tools shared.
Earlier this week Phil authored an article on audits titled ‘A Common Framework For Auditing GDPR Compliance’. Phil has a genuine passion for auditing: he has not only conducted compliance audits himself with a wide range of organisations, but has also reviewed many other auditors’ work, expanding his knowledge and understanding every time.
Phil: “The one thing that strikes me most is the wide variation in what auditors look at, how they characterise and describe compliance, how they evidence their assessment and the recommendations they make.”
Phil kept our audience entertained with some horror stories from his years of auditing. Towards the end of the session he spoke about visiting an organisation that claimed to host its data in the cloud; he later opened a cupboard filled to the brim with servers and, when he asked what they were for, was told they were a “back-up”. These sorts of stories are common and hilarious to look back on; at the time, however, they cause countless sleepless nights and a considerable amount of stress for our consultants, and I am sure for anyone else in our profession.
Our listeners shared some of their own experiences with one listener saying:
“I was undertaking an internal audit once and found an unsecured drawer full of Special Category Data (SCD) with a GDPR eLearning completion cert on the very top of the pile”
This is hilarious looking back, and incredibly ironic; however, to discover this as a DPO or consultant is incredibly frustrating and a potential precursor to some far worse data processes.
Here are the links mentioned in this week’s episode:
The Data Protection and Digital Information Bill: https://www.mishcon.com/news/the-data-protection-and-digital-information-bill-an-initial-view
ICO Training Materials Provided To Their Internal Staff: https://ico.org.uk/training
ICO Conference Feedback: https://ICO.welcomesyourfeedback.net/eopbyp
Parliamentary Bills: https://bills.parliament.uk/bills/3322
During the discussion, Phil mentioned that the ICO originally put together an audit guide which had a step-by-step breakdown of what to do and when. Download it here: ICO Audit Handbook 2001 data_protection_complete_audit_guide
Sign up and join our Community
If you would like to join us on future episodes of the Data Protection Made Easy Podcast, where we host our sessions live, reach out to one of the team or sign up through our events page. Data Protection Made Easy now has over 1000 subscribers, with new listeners tuning in every week. With 85 available episodes on Spotify and Apple Music, Data Protection People have the #1 data protection podcast in the UK and perhaps the world. We would like to continue hosting these sessions, as we find the community invaluable; we do, however, need you, the listener, to tell us what you are intrigued by and what topics would be beneficial for you to learn about. These discussions are as much for our community as they are for us: we want to discuss content that brings real value to our audience and assists everyone on the shared mission to make data protection easy!
Finally, if you tuned in to this week’s episode and enjoyed the session, we would love some feedback. Please visit Trustpilot to leave your opinion: https://uk.trustpilot.com/review/dataprotectionpeople.com