Skip to main content

Workplace Data Privacy Audits

The General Data Protection Regulations place greater emphasis on the documentation that data controllers must keep to demonstrate compliance. Businesses need to be clearer and more transparent about what data they process and how. The rules around this are changing and the consequences for getting it wrong are far greater.

The first step in getting to grips with this will be a data protection audit to understand where you might need to improve to comply with the GDPR.

The audit is tailored to your particular requirements, but will usually involve looking at the following:

  • Are relevant and appropriate data protection policies and procedures in place
  • What categories of data are processed by the organisation
  • Whether privacy impact assessments will be needed for specific ‘high risk’ areas
  • What Privacy Notices are in place
  • Comprehension of data protection responsibility, knowledge and training
  • How the organisation would deal with data subjects’ rights
  • Practices surrounding data accuracy and retention
  • Security of personal data
  • The legal basis for cross border data transfers, if applicable
  • Data sharing with third parties

We can then help you assess where improvements need to be made or gaps need to be filled in order to be compliant with the GDPR.

For more information see our Data Privacy Audit brochure.

Related items

Related services

Cookie consent is a box-ticking exercise after all!

16 October 2019

The European Court of Justice (ECJ) has provided welcome clarity on the consent requirements around the use of cookies by website operators. As if it were ever in doubt, pre-ticked boxes cannot be used as a means of obtaining a website user’s consent to the use of cookies.

The General Data Protection Regulation for employers

06 July 2018

The General Data Protection Regulation (GDPR) is European legislation affecting all organisations that hold personal data on living individuals. It aims to ensure that organisations using and processing personal data do so fairly and lawfully and gives a number of rights to individuals in terms of how they can access their data and influence its use.

International data transfers - are model clauses now under threat?

05 October 2017

Many of you will remember Max Schrems, the Austrian law student who in 2015 successfully brought a case to the European Court of Justice (“ECJ”) that resulted in the “safe harbor” - the agreement that allowed the transfer of EU citizens’ data to the US - being declared invalid.

Data Academy - FULLY BOOKED

26 September 2017

This is a half day data conference comprising interactive sessions, speakers from Lewis Silkin, Accenture and industry specialists.

Back To Top