GDPR Audit Services

Sometimes you need support in seeing how your organisation is performing. Auditing is one way of finding out.
The audit strategy for an organisation can be a unique blend of tasks. We’ve presented information about the ones we’re asked for the most.

What We Offer

A data protection audit can be as simple as checking that records the data says are in a particular location are actually in that location. At the other end of the spectrum is an investigation to the detailed function of a process, often where an issue has occurred.

The Sentry system provides an excellent location to build up the history of the audits that you’ve conducted. However, what if you need some assistance in performing the audits in the first place?

GDPR Sentry can help by providing experienced auditors who can visit your site and who are trained to spot issues and bring non compliance to the surface.

Each school, college, trust or university will have specific requirements for an audit, but we’ve drawn together three of the most common tasks that we’re asked to carry out.

Due Diligence

Approach

This is the audit we do when bring on a new customer for our outsourced data protection officer service. It’s a combination of paper and practice so looks at the policies and procedure that are supposed to be operating and then at what is actually happening on the ground.

Like all audits, if you specifically prepare then you may get a good report card, but may have swept serious issues under the rug. These are not mandatory audits and you owe it to your organisation to learn as much a possible.

For large organisations with many departments or locations you might need a series of these audits to get full coverage. Talk to us and let us build a custom plan for your organisation.

Delivery Details:

  • Coverage

    Policy Documents

    Process Documents

    Procedures

    Premises Inspection

  • Output

    Summary Report

    Non compliance

    Recommendations

  • Timing

    On site: 4 Hours

    Report Delivery: 1 week post visit

Surveillance

Approach

As well as getting a view on your status at any time it’s important be able to judge the direction that you’re travelling too. A programme of surveillance audits is one way to monitor that direct.

We establish with you a basket of measures that can be assessed relatively quickly. Examples might be the way that incidents are dealt with, management of consent or the amount of data passed to third parties.

The other part of the process is based on on-site walk-rounds scoring for consistent items. Again overt preparation for the audit can invalidate the results. We can help design the programme, provide training to your assessor or deliver the audits directly.

Delivery Details:

  • Coverage

    Procedures

    Premises Inspection

  • Output

    Summary Report

    Non compliance

    Recommendations

  • Timing

    On site: 2 Hours

    Report Delivery: 1 week post visit

Deep Dive

Approach

Sometimes processes and procedures fail, sometimes it’s clear that improvements need to be made. It not always so easy to decide what needs to be changed. This is where the Deep Dive comes in. Pick whichever diving metaphor you want but this is about total immersion in a small part of the overall process map.

If you ask us to undertake this service it will be on the basis of an additional confidentiality agreement. We’ll then need you to allow us access to all the available information and to spend time talking to people who fully understand the issue. We will probably request to take copies of information away for further study.

Once the analysis is complete we will produce a reports explaining our finding and making suitable recommendations.

Delivery Details:

  • Coverage

    Procedures

    Process Mapping

    Staff interviews

    Physical Inspection (where appropriate)

  • Output

    Summary Report

    Non compliance

    Recommendations

  • Timing

    On site: 2 days

    Report Delivery: 2 Weeks after data collection complete

Download Services Brochure

Contact Us