Data Protection Made Easy – Data Protection Audits

Episode 143: Demystifying Data Protection Audits
Hosts: Philip Brining and Jasmine Harrison
Special Guest: Esther Adebiyi, In-house Auditor

Welcome to the Data Protection Made Easy podcast. In this episode, we’re diving into the world of data protection audits, demystifying the process, and providing you with the roadmap to compliance.

Data Protection News Of The Week

FCA Fines Equifax £11 Million: The FCA fined Equifax for its role in a massive cyber breach that exposed the data of millions of people worldwide, including the UK. This breach was entirely preventable and highlights the importance of data security.

TikTok Appeals €345m DPC Fine: TikTok is challenging a €345 million data privacy fine and compliance order issued by the Irish Data Protection Commission.

Air Europa Credit Card System Breach: Spanish airline Air Europa experienced a cyberattack on its online payment system, exposing customers’ credit card details.

ICO Seeks Sandbox Entrants for 2024: The ICO invites organisations to submit expressions of interest for the Regulatory Sandbox in 2024, offering assistance with data protection considerations during product development.

Yango in Talks with Dutch SA: Ride-hailing app Yango is in talks with the Dutch Supervisory Authority to demonstrate compliance with European data transfer and storage rules.

Google Shares Legislative Framework: Google introduces a legislative framework to protect children online, emphasising age-appropriate features and services.

Meta Challenges FTC’s Plan: Lawyers from Meta and the US government dispute the Federal Trade Commission’s plan to strengthen a 2020 privacy order.

AI Act Compromise Text: Discussion papers on the EU Artificial Intelligence Act (AI ACT) are circulated, including topics like fundamental rights, sustainability obligations, and workplace decision-making.

UK Government Recruiting Deputy Director AI International: The UK government is seeking a Deputy Director for AI International to shape international discussions on AI policy.

UK Government Announces £400,000 Fund to Tackle AI Bias: The Fairness Innovation Challenge offers funding to UK companies for innovative solutions addressing AI discrimination.

Stack Overflow Layoffs: Stack Overflow announces layoffs due to advancements in AI chatbots that can provide more specific coding help.

US Facial Recognition App Clears UK GDPR: Clearview AI avoids fines in the UK after a first-tier tribunal rules that the ICO lacked jurisdiction.

Half a Million Donors’ Data Languishes: Data privacy concerns hinder the use of data from a genetic database initiative, resulting in a loss of valuable health information.

AI Corner

Microsoft’s New AI Assistant: Microsoft introduces Microsoft 365 Copilot, an AI assistant embedded into its office apps, capable of summarising meetings and assisting with various tasks.

AI Headteacher: A private boarding school in the UK appoints an AI robot named Abigail Bailey as its principal headteacher.

How to Write an AI Policy: Guidance on creating an AI policy to address the use and development of AI technologies.

Main Discussion: Understanding Data Protection Audits

What Are Data Protection Audits: Data protection audits assess an organisation’s compliance with data protection obligations, identify risks, and provide best practice recommendations.

Role of Audits in GDPR Compliance: Audits ensure the existence of effective controls and policies to support data protection obligations.

Legal and Regulatory Framework: UK data protection law is governed by GDPR, the Data Protection Act 2018, and PECR, which relates to personal data through cookies and direct marketing.

Data Protection Audit Process: Discuss the key steps in conducting internal and external audits, emphasising data mapping, inventory, and assessing data security and privacy controls.

Common Audit Findings and Challenges: Share common audit findings, challenges organisations face in addressing recommendations, and the implications of non-compliance.

Best Practices and Tips: Offer best practices for preparing for audits, staying compliant, and addressing audit findings effectively. Highlight the role of awareness and training in successful audits.

This episode provides a comprehensive understanding of data protection audits, their importance, and practical tips for compliance. Stay tuned for more insights on data protection and cybersecurity.

Listen to the full episode by clicking on the player above

Download The ICO’s Audit Handbook Here