As the need to protect the privacy of personal data persists, more organisations are coming to realise that they need to assess their privacy practices to reduce the risk of breaching data protection legislation.
The rise in identity theft has led to a call for more stringent penalties on organisations deemed negligent or careless in their processing of personal data.
Organisations that breach data protection legislation risk losing customer confidence, share price devaluation and calls for executives to resign, and in certain circumstances may be asked to cease business activities until they comply.
Carrying out a data protection audit can be an effective strategy to obtain an overview of personal information flows and can assist organisations in complying with relevant legislation relating to the collection, processing, maintenance, transmission, disclosure and destruction of personal information.
Note that the aim of conducting a Data Protection Compliance Audit goes beyond fulfilling information security requirements. It addresses broader aspects of data protection, which encompass:
- Apparatus for making sure that information is obtained and processed fairly, lawfully and on a proper basis.
- Quality assurance, which means making sure information is accurate, complete and up-to-date, adequate, relevant and not excessive.
- Retention, appropriate filtering and deletion of information.
- Documentation on authorised use of systems, e.g. codes of practice, guidelines etc.
- Compliance with data subjects' rights, such as subject access.
Organisations can determine whether they comply with the provisions of the Data Protection Act by performing a Data Protection audit. The benefit of conducting such an audit is that it will show the organisation its true position in relation to fulfilling its Data Protection obligations. It will identify where the organisation does not meet its obligations and provide an instant gap analysis which can be used to highlight areas that need to be improved.
As an example, a Data Protection audit can be used to identify internal practices which may need to be harmonised between various parts of the organisation to ensure compliance in the processing and transfer of personal data.
In conjunction with our data protection audit service we also provide data protection advice in the following areas:
- Data protection clause reviews.
- Data protection training courses.