Policy Documents
Process Documents
Procedures
Premises Inspection
A data protection audit can be as simple as checking that records the data says are in a particular location are actually in that location. At the other end of the spectrum is an investigation to the detailed function of a process, often where an issue has occurred.
The Sentry system provides an excellent location to build up the history of the audits that you’ve conducted. However, what if you need some assistance in performing the audits in the first place?
GDPR Sentry can help by providing experienced auditors who can visit your site and who are trained to spot issues and bring non compliance to the surface.
Each school, college, trust or university will have specific requirements for an audit, but we’ve drawn together three of the most common tasks that we’re asked to carry out.
This is the audit we do when bring on a new customer for our outsourced data protection officer service. It’s a combination of paper and practice so looks at the policies and procedure that are supposed to be operating and then at what is actually happening on the ground.
Like all audits, if you specifically prepare then you may get a good report card, but may have swept serious issues under the rug. These are not mandatory audits and you owe it to your organisation to learn as much a possible.
For large organisations with many departments or locations you might need a series of these audits to get full coverage. Talk to us and let us build a custom plan for your organisation.
Policy Documents
Process Documents
Procedures
Premises Inspection
Summary Report
Non compliance
Recommendations
On site: 4 Hours
Report Delivery: 1 week post visit
As well as getting a view on your status at any time it’s important be able to judge the direction that you’re travelling too. A programme of surveillance audits is one way to monitor that direct.
We establish with you a basket of measures that can be assessed relatively quickly. Examples might be the way that incidents are dealt with, management of consent or the amount of data passed to third parties.
The other part of the process is based on on-site walk-rounds scoring for consistent items. Again overt preparation for the audit can invalidate the results. We can help design the programme, provide training to your assessor or deliver the audits directly.
Procedures
Premises Inspection
Summary Report
Non compliance
Recommendations
On site: 2 Hours
Report Delivery: 1 week post visit
Sometimes processes and procedures fail, sometimes it’s clear that improvements need to be made. It not always so easy to decide what needs to be changed. This is where the Deep Dive comes in. Pick whichever diving metaphor you want but this is about total immersion in a small part of the overall process map.
If you ask us to undertake this service it will be on the basis of an additional confidentiality agreement. We’ll then need you to allow us access to all the available information and to spend time talking to people who fully understand the issue. We will probably request to take copies of information away for further study.
Once the analysis is complete we will produce a reports explaining our finding and making suitable recommendations.
Procedures
Process Mapping
Staff interviews
Physical Inspection (where appropriate)
Summary Report
Non compliance
Recommendations
On site: 2 days
Report Delivery: 2 Weeks after data collection complete
GDPR Sentry Limited
Unit 434 Birch Park
Thorp Arch Estate
Wetherby
West Yorkshire
LS23 7FG
0113 804 2035
info@gdprsentry.com
Registered in England under Company Number: 11093693