Data Audits

The Law allows the ODPA to conduct data protection audits. All organisations who handle data should consider conducting their own internal audits at regular intervals.
Statutory audits
The ODPA has the power in law to conduct a data protection audit on a controller or processor. These audits may only be carried out in limited circumstances and will usually follow on from a formal investigation carried out by the ODPA. See schedule 7, para 9 of the Law.
Internal audits
Organisations should also ensure that they fully document and understand their processing activities. Conducting some form of an internal audit can be a good starting point in building a proactive and effective compliance programme.