The Law allows the ODPA to conduct data protection audits. All organisations who handle data should consider conducting their own internal audits at regular intervals.
The ODPA has the power in law to conduct a data protection audit on a controller or processor. These audits may only be carried out in limited circumstances and will usually follow on from a formal investigation carried out by the ODPA. See schedule 7, para 9 of the Law.
Organisations should also ensure that they fully document and understand their processing activities. Conducting some form of an internal audit can be a good starting point in building a proactive and effective compliance programme.
The Bailiwick of Guernsey's independent authority which regulates data protection legislation through an ethics-based approach, empowers individuals and protects their rights, promotes excellence in data protection, and supports the data economy to embrace
Receive regular information and statistics related to our activities and governance