 |
Adequacy Audit Outcome (print ref: Part 3, Section 2.1.4)
Section 1 of Part 1 has shown that the Adequacy Audit can have either a satisfactory or unsatisfactory outcome. The criteria used to make this decision are as follows:
Satisfactory Outcome
If the majority of assessments on the Adequacy Audit Checklist are " " with occasional " " ratings the Audit will have a satisfactory outcome. In this case the organisation can proceed to the next stage of the audit process which is the on-site Compliance Audit. Unsatisfactory Outcome
The types of deficiencies that will result in an unsatisfactory Adequacy Audit include:
- Failure to address any of the Parts or Schedules of the 1998 Data Protection Act or any of the 8 Data Protection Principles.
- Lack of a documented Data Protection Policy.
- Failure to identify the organisational structure, roles and responsibilities that ensure the Data Protection Policy is implemented.
- Lack of documented procedures to deal with specific Data Protection issues.
This situation will result from one or more " " assessments recorded against each main heading of the Adequacy Audit Checklist.
In the case of an unsatisfactory outcome, the options available to the organisation are those listed in Section 1.2 of Part 1. It may still be appropriate to conduct a Compliance Audit as this may identify areas that need addressing in the Data Protection System. The Commissioner, when assessing compliance with the Act, would usually wish to examine what happens in practice before coming to any conclusions on non-compliance.
Return to top
|
|
