Data Protection Audits
Following the implementation of the General Data Protection Regulation (“GDPR”) in May 2018 the Data Protection landscape in the UK will change significantly and it is likely that many businesses will find themselves in breach of the Data Protection legislation and exposed to the prospect of fines from the Information Commissioner’s Office (“ICO”).
The starting point for any business which wishes to undertake a review of its Data Protection policies and compliance position will be to undertake a Data Protection audit. I can provide you with advice and support to undertake your audit to ensure:
- That the data which is held by your business is being processed lawfully and in compliance with the new legislation, this means that you will have obtained consent to the use of the data by the data subject and any marketing or fundraising activity based upon that data will be legally compliant.
- Your marketing activities will comply with the General Data Protection Regulation and the Privacy and Electronic Communications Regulations (“PECR”) which should mean that you minimise the risk of exposure to potentially substantial financial penalties.
- That you can map and identify data flow within your business. This means that you will understand where personal data is held, which employees can access that data and what use is made of the data.
- That you understand the obligation to apply “privacy by design” into new projects and policies in order to ensure that privacy of personal data is at the heart of any decisions which are made by your business in the future. The ICO has made it clear that “privacy by design” will be one of the key features which they will expect to see adopted by businesses after the introduction of the new legislation.
At the conclusion of the audit I will supply a report which will identify areas of weakness within your present systems and make recommendations for improvements in order to ensure compliance with the new legislation. As part of my service I will provide you with access to relevant guidance material which is published by the ICO and provide you with access to supplementary training material which I produce.
If you have any concerns about your data protection position, or the position of your business please contact me immediately for a confidential, free initial consultation.