![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
Data Protection Homepage |
|
|
![]() |
![]() |
|
![]() |
![]() |
Audit Follow-up (print ref: Part 3, Section 5)If any Non-compliances are discovered during a Data Protection Audit, it is desirable to undertake some sort of Audit Follow-up in order to check that the proposed corrective action has actually been implemented and that it has been effective. The issues that need to be addressed when deciding on an appropriate Audit Follow-up programme are described in the sections that follow and are also illustrated in flow chart form in Figure 3.7. Scope The scope of follow-up action should be chosen in accordance with the severity of the original non-compliance and therefore may be any of the following:
This information will be recorded in the lower section of the Compliance Audit Report during the Closing Meeting as described in Section 4.4.4. Timescales The timescale of the follow-up action should also be chosen in accordance with the severity of the original Non-compliance and the original risk assessment of the Data Protection activities involved (see Section 1.1). Minor non-compliances may be left until the next scheduled audit of the Area/Department while major problems may need to be corrected immediately. This information will also be recorded in the lower section of the Compliance Audit Report as described in Section 4.4.4. ![]() Fig. 3.7: Audit Follow-up |
|
![]() |
![]() |