Tel: 0845 680 2623 Email: info@amberhawk.com
 

Data Protection audit

The personal data audit will cover:

  • identifying what data the client processes, and whether or not these data are personal data and subject to the 1998 Act;
  • the methods used for the collection of personal data (for example, at events or trade fairs, through telephone scripts, on websites, or by application and order forms), and the application of the appropriate fair processing notices to those collection methods;
  • the rules of legitimacy of processing which apply to those collection methods and to the data collected and the justification for the processing of sensitive personal data;
  • whether personal data are relevant to the processing and whether they are destroyed at the appropriate time;
  • the disclosures of personal data made by the organisation (so that, for example, a list of third party disclosures can be compiled) and disclosures which result in the transfer of personal data outside the UK;
  • the information needed to enable contracts with data processors to be put in place;
  • information on subject access and identification and verification procedures, and an analysis of the storage and archiving processes for both manual and computerised data; and
  • requirements for notification of the details of processing with the Information Commissioner.


In relation to the security of processing, we are guided by the requirements in ISO27001 - the Code of Practice for Information Security Management. We can make recommendations as to whether the levels of security achieved - logical, technical, physical, and operational - are in line with industry sector standards.

Once the data protection audit is complete, the raw data on the audit forms can be converted into meaningful information. As this step is the most time-consuming part of the whole audit exercise, we will discuss the best way of producing the results in a form most appropriate to our client.

The output of the analysis is usually an audit report for each of the business units within the client organisation together with an information flow diagram for the whole of the organisation. At the back of each audit report we provide you with every tool you need to achieve total compliance, such as internet and email policies, staff operating manuals, fair processing notices or telescripts to fit in with existing collection methods, and pro-forma data processor contracts.

Our aim is to establish a practical and efficient data protection regime which can be maintained and managed by the client's trained staff.

We can, where requested, revisit your organisation six months after an information audit to check that procedures have been implemented and that compliance with data protection obligations has been fully achieved.
