To ensure required levels of data protection compliance, you need to understand exactly what processing of personal data you are undertaking. A first step in establishing such an understanding at organisational level will require a comprehensive review and documentation of data for which you are controller and therefore have legal responsibility.
The documentation of a data audit will also assist you when it comes to demonstrating a proactive approach to your statutory obligations as well as future reporting requirements to the Office of the Data Protection Authority (ODPA).
Below are suggested key steps that you may find helpful when conducting a data audit. You will need to tailor the questions and general approach based on your own particular circumstances.
Stage 2: Identify the personal data and how it is processed
Key questions:
You know your organisation better than anyone so ensure you include questions that are relevant and specific to your own processing.
Stage 3: Assess processing and compliance
Stage 4: Report, recommend and make changes
Don’t forget
The Bailiwick of Guernsey's independent supervisory authority which regulates data protection legislation. The ODPA protects people by driving responsible use of personal information through helping organisations get it right, deterring harmful information handling, and taking enforcement action against significant non-compliance
Receive regular information and statistics related to our activities and governance
Sign up nowReceive regular information and statistics related to our activities and governance
Sign up nowThe Office of the Data Protection Authority
+44 (0)1481 742074 info@odpa.gg
Block A, Lefebvre Court, Lefebvre Street, St Peter Port, GY1 2JP
Newsletters sign-up Data Processing Notice Careers Cookies
Website by & Indulge
© 2024 The Office of the Data Protection Authority.