Guide to Data Protection Auditing

Introduction

This guide has been produced by the Information Commissioner to assist with data protection compliance auditing. It has been produced to help the Commissioner undertake her functions under section 51(7) of the Data Protection Act 1998 and as the United Kingdom's designated national supervisory body under the Europol Convention and the Customs Information System Convention and Regulation.

The guide contains a methodology for conducting data protection compliance audits together with a series of checklists aimed at testing compliance with each of the Act's main provisions. Rather than simply being tailored to the Commissioner's specific needs, it has been written in such a way that any data controller can use it to help judge their own data protection compliance. Similarly, it may also be used by other organisations offering such services to data controllers. Given that potential users may have different levels of existing audit expertise, the guide also includes general guidance on compliance auditing.

Although use of the guide should help data controllers to focus on their own compliance with the Data Protection Act 1998, its use can never be a comprehensive guarantee of compliance, as the guide is necessarily written at a general level for a diverse audience. It is expected that the checklist questions may develop over time as experience is gained in using them in practical situations. Given that the checklists are aimed at assessing compliance with the main elements of the Act, there is also scope for the development of further sector-specific checklists, such as in connection with The Telecommunications (Data Protection and Privacy) Regulations 1999. The Commissioner will make any such updates available as and when they are produced.

The guide is divided into five main parts. In addition to this introduction, these deal with: the audit method, the audit process, general guidance on auditing, and a series of annexes providing essential documents such as checklists containing compliance questions for each of the Act's main features and other pro forma documents.
