Guide to Data Protection Auditing

Foreword

A significant feature of the Data Protection Act 1998 is a provision that gives me powers to assess the processing of personal data for the following of good practice, at the invitation of a data controller. I also enjoy inspection and monitoring powers as part of my functions as the United Kingdom's designated national supervisory body under the Europol and Customs Information System Conventions.

To assist me in undertaking these functions, I commissioned the development of a data protection compliance audit methodology. The methodology consists of guidance on conducting a compliance audit and a series of checklists aimed at focussing in on the level of compliance by a data controller. I have made this guide generally available to aid data controllers who wish to undertake or commission their own data protection compliance audits. The guide contains basic auditing guidance to help ensure even small organisations with limited auditing experience can also attempt compliance auditing.

The guide is necessarily written at a high level and is not intended as a certification tool, guaranteeing compliance with the Data Protection Act. Its use serves to identify possible areas of non-compliance requiring attention by a data controller. Although use of the manual has been piloted, there is no substitute for experience of using it in practice and I look forward to hearing the reactions of those who do use it. I expect that, as we gain experience of its use, the checklist questions will be refined and may be expanded to cover issues specific to a particular sector. It is also my intention to look at the possibility of producing a less lengthy document aimed at smaller organisations without the resources to embark on a detailed compliance audit.

Ensuring compliance with the data protection standards is not simply an issue of operating within the law; it is also about the effective handling of personal information and respecting the interests of individual data subjects. I hope that this guide assists data controllers in addressing these important objectives.

Elizabeth France
Information Commissioner
