GDPR audits & healthchecks


Often, the starting point for many of our new clients is a data protection and GDPR audit. That’s because they tell us, “We don’t know what we don’t know”. And they’re right: until you know what the issues are, and where you may not be compliant, you can’t begin the process of change and improvement. So a data protection audit is a sensible place to start.

If you need a lighter touch approach, a simpler GDPR health check may be all you need.

Why ask us?

All of our consultants are data protection experts and qualified GDPR auditors, with many years of experience auditing both large and small businesses.

What kind of data does the audit cover?

Your GDPR audit will cover all of the personal data processed across your organisation in relation to:

  • your clients
  • your employees
  • any third party organisations which process personal data on your behalf
  • any partner organisations with whom you share data.

What does the audit include?

We’ll ensure that nothing is missed. We take a ‘no stone unturned’ approach to track how data is collected, used and shared across every department of your organisation and with third-party organisations (including any data processors you may use).

We measure this activity against the Data Protection Act 2018, the GDPR and other legislation (such as the Privacy and Electronic Communications Regulations 2003 and Computer Misuse Act 1998).

The audit also includes an assessment of the data subjects’ understanding of how you will be processing their data and their rights under the Data Protection Act and the GDPR.

What happens in our GDPR audit?

The audit is in 2 parts:

  1. Initial review – We will review all of your existing policies, procedures and systems, and consider to what extent they comply with the legislation. We will also identify any gaps.
  2. Assessment of how data is processed – To what extent do your employees and your data processors (both of whom handle personal data) adhere to your existing systems and policies? We’ll interview a selection of employees at all levels and across all departments, sitting with them at their workstations to understand how data flows through your business.

We will then present the results to you in a straightforward report which clearly sets out each issue found, the risk level for each process, and the recommended solution to the risk.

Simpler GDPR healthcheck

For those looking for a lighter touch, a healthcheck is often more appropriate. This would usually focus on specific areas of risk or concern that you have already identified. This is often conducted in a workshop environment, with the relevant team, with a view to developing a working solution by the end of the day.