You may have heard through LinkedIn that we are currently offering a FREE GDPR Audit Lite to businesses in Lincolnshire. But what even is a GDPR audit, and how do you know if you need one?
What is an audit?
The very mention of the term ‘audit’ makes us think about finances and accounts. In its most basic form, that is correct: an audit checks what you should be ‘doing’ in your business against what you actually do. The standard you are measured against is either a contract you have agreed to, or legislation you must comply with within your industry.
A GDPR audit is therefore the same idea as a financial audit, simply replacing financial terms with GDPR and data. GDPR is applicable to all businesses, and compliance with it is a legal requirement.
Why have an audit?
The Free GDPR Audit Lite begins by looking at data, before going into more detail about GDPR compliance. The audit looks at the following:
- What data are we collecting?
- Where are we storing the data?
- How do we protect and document the data?
- How long do we keep the data?
- Do we have a function for every piece of data?
- What is the process for honouring a request to delete data?
A Data Audit is fundamental if you are preparing to comply with the GDPR (which every business should!). It involves taking the time to think about, and document, what personally identifiable data your business holds, and how you use it.
Although conducting an audit may seem tedious, it is a simple process. It can be carried out by anyone within the business who has some knowledge of the GDPR. To give you a head start, here are the six best questions to address:
How do I carry out a data audit?
You need to begin by asking several questions about the data you hold. List the categories of personal data you collect, and segment them out. Record why you hold each category of data, and why you retain it. Check whether or not you store personal data, as this opens up a whole new ball game!
How did you collect this data?
Was it by collecting business cards, enquiries, directly from individuals, or third parties? Have you documented where this personal data has come from?
Where do you store this data? Is it in-house, in the cloud, in the UK or abroad?
Very importantly: what do you do with this data? How do you process it, and do you share it? What safeguards do you have in place?
Ownership of the data: who controls it?
One that is always forgotten: how long do you keep the data you hold? What is the reason for storing it for this long?
Documenting the GDPR audit will help you on your way to GDPR compliance, and these records form the evidence. This is vital in meeting the GDPR’s accountability principle.
After the Data Audit
The simple act of carrying out a Data Audit will demonstrate that you have started your GDPR compliance journey. Once your audit is complete, you need to consider the following actions:
- Meet your obligations in respect of data subject rights
- Deal with data subject access requests (SAR)
- Carry out data privacy impact assessments (PIA), where necessary
- Appoint a Data Protection Officer, if applicable
- Report serious breaches to the Information Commissioner’s Office (ICO)
- Put safeguards in place for the security and transfer of data
Benefits of the Free GDPR Audit Lite
To help businesses with their data protection audits, InfoLore have put together a Free GDPR Audit Lite. As the name suggests, this is a simple audit which we can complete with you. Following this, we can point you in the right direction for a further Data Audit, or an in-depth GDPR Compliance Audit.
Once you have completed your audit, there are many benefits. You will have minimised risks, improved data management (which is also great for marketing), and an accountable document trail. You will also have a greater ability to manage risks during projects, an improved reputation, and increased staff awareness.