GDPR Audit

What is an GDPR audit?

A GDPR audit provides an assessment of how well your organisation is following best practice regarding GDPR.

An audit is a great way to help an organisation understand their GDPR obligations and areas of improvement.

The audit will ensure how compliant your organisation currently is against best practice and where more effective controls can be put in place, to support your data protection obligations.

But the key to an audit undertaken by Oasis Business Support is that we ensure we provide guidance, information and recommendations that are suitable and practical for your business.

We do not believe in over complicating GDPR for your organisation via systems and procedures, but instead to suggest better ways to work to incorporate your GDPR obligations throughout the organisation.

We will undertake an onsite or virtual assessment, where we will speak with key members of the organisation followed by a report presenting our finding and practical guidance, information and recommendations, to help you address these where appropriate.

The benefits of an GDPR audit?

An audit is an opportunity for you to develop and to gain a comprehensive understanding of how your organisation is currently complying and areas for improvement, but with practical recommendations and actions. During the audit, we will explain the principals of GDPR and unsure by the end, you have a clearer understanding of your obligations.

You will gain peace of mind and reassurance that your business is meeting its GDPR obligations, without it being an arduous part of your organisation.

You will benefit from the data protection knowledge and experience of our team.

We will provide you with a report of the audit which will detail best practice and approaches you can look to implement to achieve greater compliance.

It is an opportunity for you and your team to ask us questions and discuss relevant data protection issues.

What does an audit include?

Our audit is about helping you, and your organisation understand how well you are currently complying to your GDPR obligations and areas for improvement.

An audit will be either be undertake onsite or virtually if appropriate, where we will do a review and assessment of your organisation, to understand how your organisation operates and the current protocols and data handling processes in place.

We will have discussions with key people in your organisation so we can develop an awareness of the current day to day operational practices and relevant GDPR implications.

The more we understand about your organisation and how you are currently dealing with personal data, the more precise our recommendations and actions in our report.

Areas we will often cover in an audit are:

Data protection responsibilities, policies and procedures to ensure compliance with data protection legislation;
Assess the current awareness of data protection requirements;
Consider that types of personal data you hold;
Security measures in place to ensure that there is adequate security over personal data held in manual or electronic form;
Information sharing;
Consent for personal data;
The processes and documentation for managing both electronic and manual records containing personal data;
The use of CCTV or other surveillance.
The methods for responding to any request for personal data, including requests by individuals for copies of their data as well as those made by third parties, and sharing agreements;
The handling of staff data, the provision of GDPR training;

How long does an audit take?

The duration of the audit, is dependent on the size of the organisation, the scope and requirements of each organisation.

We will need to do some preparatory work and research of the industry prior to the audit.

Then we will undertake an onsite or virtual audit if viable, which varies from half a day through to 2 days, followed by a detailed report. In most instances, we will deliver our report two weeks after the date of the onsite audit.

Why use Oasis Business Support for your GDPR audit?

We believe in providing you with recommendations and practical advice that you can adopt and implement to improve your GDPR compliance, awareness and obligations.

We know that no two organisations are alike, so we provide personalised reports specific to your organisation size and scope of work.

Once we have developed the GDPR report, we will follow up a month later to find out how you are getting on, where you can ask any further questions you may have.