Sunday, 13 July 2014

How should you carry out a data protection audit, or health check?

Bearing in mind the audit points that the ICO auditors tend to raise when they visit an organisation, what issues should you focus on, given that businesses have many things to worry about besides not getting on the wrong side of the regulator?

And, just as importantly, how much is the busy data protection professional prepared to pay to get a set of decent audit questions?

Well, if you are prepared to pay as little as £5.99 to learn more about my audit methodology, then read on.

I’ve just published a short guide for the busy data protection professional who needs to ensure that their organisation operates practices and procedures which meet their legal obligations. People who follow the advice in this guide will significantly improve the likelihood that, should their organisation be examined, the ICO will determine that there is a high level of assurance that effective controls are in place. 

Data protection professional, beware - this is not a book designed for people who are obsessed with complying with absolutely every aspect of data protection law. Some may think that I've set the bar far too low in terms of what needs to be done to demonstrate that organisations take data protection issues sufficiently seriously.

Reader, please feel free to part with £5.99 of your own money and decide for yourself how robust my audit methodology is. If you have, and can also monitor, the controls that I've outlined in my guide, then as far as I’m concerned, you're well on the way to data protection nirvana.

I’m always open to suggestions or proposals about publishing this methodology in an alternative format. I’m embarking on the digital format first. Once I’ve learnt whether others are just as excited about it as I am, and as my clients who have submitted themselves to this audit methodology are, then I’ll consider revising it and publishing it as a paperback, too.