The General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018 have imposed many new demands on UK businesses that store personal information, and it is vital for businesses to comply in order to avoid the associated penalties.
Checklist for a GDPR Audit
Performing an audit is necessary if you wish to adhere to GDPR. This means spending time documenting the personal details that your organization stores and considering how these details are used. However, every business should be able to carry out such an audit itself; it is unlikely that you will need an expert consultant or lawyer to assist you with this task.
Steps to Perform an Audit
To carry out a data audit, ask yourself a few pertinent questions about the information you store, and record your answers.
- What kinds of personal information do you keep? – Make a list of the data subject categories and the other personal information you gather. For instance, current staff information, information about former staff, customer information, marketing databases, etc. Arrange this information by its nature, such as people’s addresses, names and purchasing history.
- Why is this information being stored? – Specify the reasons why you gather and keep this information. For instance, service enhancements, marketing, product development, staff recruitment, system upgrades, etc.
- How is this information being collected? – Make a list of the sources of personal information. For instance, did you obtain it via third parties, or from people directly? Can you demonstrate your different data collection methods?
- What changes have to be made to ensure that your information processing complies with GDPR? – List the things that need doing to bring your data handling policies into line with the new laws. For example, you might have to delete information that has exceeded your retention period, or information that you have gathered unlawfully.