 |
Unsatisfactory Adequacy Audit (print ref: Part 2, Section 2.2)
The Adequacy Audit may indicate that the organisation has very little data protection documentation in place with inadequate procedures and major gaps in areas such as data protection awareness training. If an Auditor uncovered such major deficiencies at this preliminary stage, they must make a policy decision as how to proceed. In these circumstances there are three options:
- The organisation may still wish to go ahead with a Compliance Audit to help formulate potential solutions to address the key gaps and weaknesses already identified in its systems
- The Auditor can inform the organisation that there is little point in conducting the Compliance Audit until the major deficiencies have been addressed.
- The Auditor can refer the organisation to the Commissioner or others providing data protection advice and guidance in order to rectify the deficiencies in the data protection system.
Return to top
|
|
