Products & Services

GDPR Audits

A range of high level reviews, detailed audits and mid-range assessments to test compliance with data protection laws and standards

GDPR & Data Protection Audits

Areas of assistance

Getting us to carry out an audit gives you peace of mind that an independent expert assessor has reviewed your arrangements. Our off-the-shelf audits cover:

Data Protection Compliance Review

High level review of data protection compliance management arrangements.

GDPR benchmarking and gap analysis

Review of data protection compliance management arrangements and benchmark report (average 4 to 5 days)

GDPR Audit

Detailed audit of data protection compliance management arrangements or parts thereof (minimum 3 days)

BS10012 Audit

Audit of compliance with British Standard BS10012 PIMS

PECR Audit

Review and report of compliance with the Privacy and Electronic Communications Regulations (2003)

ISO27701 PIMS Audit

Audit of compliance with ISO27701 PIMS

Cyber Maturity Assessment

PCI DSS assessments

Aims of data protection compliance audits

Our GDPR and data protection audits are designed to give you independent assurance that you're meeting the requirements of the law. We've got a range of audits whose aims are to be: Independent, Expert, Flexible, Evidence-based, Useful, Actionable, Comprehensive and Repeatable/Comparable.

  • Mechanisms for ensuring that information is obtained and processed fairly, lawfully and transparently.

  • Data quality assurance - ensuring that information is accurate, complete and up-to-date, adequate, relevant and not excessive.

  • Compliance with the data protection legislation in the context of other pieces of legislation such as the Privacy and Electronic Communications Regulations.

  • Data minimization – ensuring that a minimum of data is collected and not retained any longer than is necessary.

  • Documentation on authorised use of systems, e.g. codes of practice, guidelines etc.

  • Compliance with individuals’ rights, such as subject access requests.

Why should organisations audit?

The key reasons for carrying out data protection audit activities are to:

  • Check what you think is in place is actually in place.
  • Test that what is in place is adequate and appropriate.
  • Test controls, as the GDPR requires, and build a body of evidence of compliance to create a defensible position.
  • Benchmark your controls and approach against others.
  • Provide assurance to management hierarchies and highlight problem areas to the business.
  • Use audits to obtain budget.

Audit objectives

When carrying out a data protection audit for an organisation, DPP will look to:

  • Verify that there is a formal (i.e. documented and up-to-date) data protection system in place
  • Verify that all the staff in the area involved in data processing are aware of the existence of the data protection system
  • Ensure that all staff involved in data processing understand the data protection system
  • Verify that staff involved in data processing use the data protection system
  • Verify that the data protection system in the area actually works and is effective

Book a chat with our team

If you would like to learn more about our audit services, reach out to one of our team and we can discuss the many ways we can support you.

Get in touch

We're here to help guide you through the complexities of data protection, and help make it easy to implement. Get in touch with our world-class team today, to see how we can assist you and your organisation with every aspect of data privacy compliance.

We are specialists in data privacy compliance management, information governance, and information security management. Through our security consulting services, we help organisations across Europe to secure their most important asset – their data.

Get in touch with our team by completing the form, by phone, email, or in person at our office or yours. We're open Monday - Friday, 08:30am to 5:30pm GMT.

Tel: 0113 869 1290

Email: [email protected]