Data Protection Audits
If you get it wrong, could the bad publicity damage your business?
The Information Commissioner's Office pursues a policy of seeking maximum publicity for data protection breaches. Publicity about poor data handling practices could damage the reputation and credibility of your company, leading to loss of trust of potential customers or clients.
For an in-depth review of your organisation's data protection processes and procedures, let us come on site, to watch and listen to how your company acquires and moves personal information around your organisation and elsewhere. We speak to key members of staff to learn about personal data processing within the organisation and we review policies and procedures. The audit report highlights areas where data protection compliance could be improved as well as reporting on compliance risks. The report is backed up with practical advice and draft policies and procedures as necessary to bridge any gaps.
We have carried out audits for companies in the retail sector, book sales and distribution, schools, professional bodies, Housing Associations, the NHS, property management companies and marketing organisations.
Colleague reactions to data protection audits
Clients sometimes have concerns that staff will be wary of a data protection audit. Staff might feel that they are being investigated or that their autonomy at work is being undermined. In practice we have never encountered any negative reaction from staff. Typical reactions are that staff are pleased that management is taking action on data protection and “relief” is often expressed that their concerns about data handling can be aired. Many staff are grateful for the opportunity to raise data protection issues they have encountered and seek advice on specific areas of data protection. In particular, staff often report that it can be difficult to get a definitive answer to a data protection problem and clarity in how to address the issue in future. Having a data protection specialist on site gives staff access to advice and guidance and this is a key objective of the audit process.
For Peace of Mind
Once you have told us how your organisation handles personal information, we help pinpoint potential data protection risks and provide speedy, tailored, solutions to information risk management and e-commerce issues.
for peace of mind on data protection and e-commerce issues