To ensure required levels of data protection compliance, you need to understand exactly what processing of personal data you are undertaking. A first step in establishing such an understanding at organisational level will require a comprehensive review and documentation of data for which you are controller and therefore have legal responsibility.
The documentation of a data audit will also assist you when it comes to demonstrating a proactive approach to your statutory obligations as well as future reporting requirements to the Office of the Data Protection Authority (ODPA).
Below are suggested key steps that you may find helpful when conducting a data audit. You will need to tailor the questions and general approach based on your own particular circumstances.
Stage 2: Identify the personal data and how it is processed
You know your organisation better than anyone so ensure you include questions that are relevant and specific to your own processing.
Stage 3: Assess processing and compliance
Stage 4: Report, recommend and make changes