Fast effective GDPR audits

Get clear concise understanding of the risks in days
GET A QUOTE

GDPR and performing a Data Audit

For many business owners, GDPR can seem like a complicated piece of legislation. It is vitally important that you are compliant, otherwise you could face enforcement action, including a financial penalty.

You probably have many questions, and you may wonder whether a data audit is necessary for your organisation.

You may be asking yourself

  • How much will it cost?
  • How long will it take?
  • Will an audit interrupt the flow of my business?

You might be feeling overwhelmed and not sure where, or how, to begin.

Rest assured that we are committed to making your audit as efficient and cost-effective as possible while causing minimum disruption to you and your staff.

we are committed to making your audit as efficient and cost-effective as possible…

Why conduct a data audit?

The primary reason to conduct a data protection audit is to discover if your business is currently abiding by GDPR laws. An important first step towards GDPR compliance is for a business to determine what data they hold and where.

A data audit will establish:

  • What personal data you are collecting
  • The reason you are collecting that personal data
  • How that data is being stored and processed
  • Whether (or not) you are processing that data lawfully

Conducting a thorough data audit will provide your business with the information it needs to identify weaknesses (the gaps!) in your GDPR processes – areas that need to be changed or practices which may not be necessary.

Does my business need a GDPR audit?

If your business intends to comply with the GDPR, then carrying out a comprehensive privacy audit is the first step. A data audit is the best way for a business to establish its compliance with GDPR laws.

Seven Data Protection Principles are outlined:

  • Lawfulness, Transparency, and Fairness
  • Purpose Limitation
  • Data Minimisation
  • Accuracy
  • Storage Limitation
  • Integrity and Confidentiality
  • Accountability

You must obtain and use personal data in a fair and lawful manner.

Personal data must be stored no longer than is necessary.

Data must be collected for a specified purpose and held only long enough to achieve that purpose.

The data you hold must be accurate and you have an obligation to update or remove data that is inaccurate.

The data you hold must be protected against unlawful usage or accidental loss.

Appropriate methods must be used to securely maintain the data that you hold.

A professional data audit will determine if you are doing everything correctly and lawfully.

What penalties do I risk by not being GDPR-compliant?

Not complying with GDPR data protection laws can have serious regulatory consequences including notices of enforcement, fines and an order to stop processing – devastating if your business relies on the activity to operate.

Must small businesses comply with GDPR?

If your business processes personal data then you will need to be fully compliant with GDPR, regardless of your size.

Post Brexit GDPR – must I still comply?

UK businesses must still comply with GDPR laws even after leaving the EU.

Existing data protection legislation has been merged with new regulations to create a new ‘UK GDPR’ framework. The best thing for any business to do is to follow good practices to protect its individual data subjects, as well as itself.

Is a data audit a legal requirement?

No, the GDPR does not legally require a business to complete a data audit. An audit, however, is the only way of knowing if your business is compliant and if not, where the gaps are so they can be promptly and efficiently corrected.

You must have lawful reasons for obtaining and storing personal data, and you must do so in an appropriate legal manner. An audit will help you assess and strengthen your GDPR processes (and thus avoid potential penalties or other regulatory action for non-compliance).

gdpr audit

Is a data audit difficult?

Be assured, that our Privacy Team has many years of experience in conducting GDPR audits – it is a well-rehearsed process for us and we know what we are looking for.

Our auditor will ask several questions to obtain information necessary for the work, including, but not limited to:

  • What personal data does your company collect and store?
  • How is the data collected?
  • Why do you need to possess this data?
  • How is the data stored?
  • How is it secured?
  • How long is it kept?
  • How is the data used?
  • Who is the data shared with?

What data is protected by GDPR?

The GDPR applies to personal data and special category data. Personal data is information that relates to a person (a data subject) – not a company or organisation.

Some examples include:

Personal data:

  • Name
  • Address
  • Email address
  • Phone number
  • Date of birth
  • Employment details
  • Bank details

Special category data:

  • Sexual orientation
  • Religious beliefs
  • Political views
  • Biometric data
  • Health / medical data

Why should I use a professional GDPR data auditor?

Putting your GDPR audit into the hands of a qualified expert will ensure that a thorough and professional job will be done. An expert will perform an independent assessment of your business regarding your data protection needs.

  • We guarantee minimum disruption to your business.
  • We will work with you and your staff to suit your schedule.
  • We can offer a FIXED price for the audit.
  • We will take your risk appetite into consideration when drafting your report.
  • Our GDPR consultants will tailor your GDPR strategy to create a personalised plan of action.
  • Staff training is critical to ensure costly errors are avoided – we have a dedicated online portal that can instantly address this.

We offer a service that is cost-effective and time-efficient.

We will ensure your business achieves the necessary level of GDPR compliance and is able to easily maintain that legal status going forward.

Our independent assessment means that your business will be assessed in the same way that a regulatory body would conduct a review. Our experts know exactly what is needed to establish and maintain your GDPR compliance – and what is deemed “proportionate” for a business of your size.

An external GDPR audit demonstrates that you have taken steps to ensure that your business is compliant. It shows that you take your GDPR obligations seriously.

Why an Audit?

The objective of a data audit is to assess your business to check if it is GDPR compliant. This will include looking at how data flows through your business and identifying potential flaws in your system that could lead to a data breach.

Ensuring you are protecting data sufficiently is important, as is documenting your data flow so you can demonstrate your compliance.

What happens if my organisation has a data breach?

A data breach is broadly defined under the GDPR and a breach could include loss or destruction of personal data, data that has been unlawfully altered, personal data that has been disclosed deliberately or accidentally. This could include leaving a laptop unsecured in a public area with inadequate IT security protocols which allow unauthorised access to personal data.

If you become aware of a data breach, then you must take immediate action to contain the breach as well as take appropriate steps to remedy the situation.

Will I need to contact the ICO?

The Information Commissioners Office (ICO) should be notified if a breach has occurred that is likely to result in a potential risk to the rights of the individual/s whose data has been breached. Businesses should assess what types of breaches they may face as well as the potential risks to individuals (financial loss, discrimination, etc) those breaches could entail.

You would be required to provide the ICO with information including:

The type of breach, how it occurred and how many people are likely to be affected

  • What the potential consequences are due to the breach
  • What actions you are taking to remedy the problem
  • The contact details of your Data Protection Officer

How can I arrange a professional GDPR audit?

Get in touch and let us know your GDPR needs.

We will need to discuss your current procedures and ask questions about how you handle data and why. We will need to speak to members of your organisation who are involved in data collection. We will be able to discuss costs, work schedules and length of time necessary to complete the audit.

What happens after the audit is complete?

Once your GDPR audit has been completed, depending on your package, we will help you to create a Remediation Plan to ensure compliance is achieved over a manageable period of time.

You may need to change your procedures, ensure your data is more secure, and appoint a Data Protection Officer. You will then be secure in the knowledge that your business is GDPR compliant and you are able to demonstrate that with appropriate documentation.

What to do next:

  • Please contact us now and let us remove the stress of managing data compliance in your business.
  • We handle the complete scope of any data privacy requirement.
  • You can find out in a matter of hours where your gaps are…

Clear, Transparent Pricing

Just like the GDPR demands your processing be transparent at all times, our fees are also transparent – there are NO hidden, or unexpected costs. Everything is explained clearly to you in advance, ensuring you never exceed your budget.

GDPR Gap Analysis

A detailed comparison between your current data protection practices and requirements of the GDPR

From £2,500 +VAT

Based on a typical SME

  • GDPR Gap Analysis
  • Compliance and risk analysis
  • Document review
  • RAG report
  • Compliance action plan
GET STARTED

GDPR Compliance

Create an effective Data Protection Framework by addressing identified areas of non-compliance

From £5,500 +VAT

Subject to project scoping

  • Create or update relevant policies
  • Define and implement processes
  • Train on record management
  • Support ‘Data Protection Culture’
  • Guide on compliance and risk
GET STARTED

Outsourced DPO

Managing your Data Protection Compliance Framework and upholding Data Protection obligations

From £595 +VAT per month

Available from ½ day per month

  • Designated qualified DPO
  • Interacting with the ICO
  • Supporting DSARs & DPIAs
  • Conducting Due Dilligence
  • Guiding on compliance and risk
GET STARTED

GDPR Training

Training portal available as part of a package or as a standalone service

Online training
From £2.50 +VAT

per user per month

E-learning platform

  • GDPR/Privacy training
  • Supports Compliance Framework
  • Bespoke training programmes
  • In-person training for key staff
GET STARTED

Free PRIVACY HELPER GDPR / Cyber Security training starter pack available with any new project – terms apply.

Why choose us?

Click here to find out why we are a leading UK privacy consultancy.

ABOUT US

How much will this cost?

Our pricing structure is simple, straightforward and highly competitive. Head over to our pricing page and take a look at our most popular packages.

PRICING PAGE

What next?

Get in touch via our contact us page, tell us about your business and a member of our team will get back to you.

CONTACT US

Other services you may be interested in from PRIVACY HELPER

Security Icon

GDPR Consultancy

Our Privacy Team consists of expert data protection consultants in the fields of IT & Technical, Legal, Records Management and Marketing.

GET STARTED

GDPR Training Courses

An effective, demonstrable training programme can be the difference between the ICO imposing monetary fines – or not, even if your data privacy programme has just started.

GET STARTED

Marketing

Is your marketing activity legal? We can make sure it is.

GET STARTED