Data Protection Auditing: Making the Information Commission's Audit Manual Work for you

Aims of the workshop

This training is aimed at anyone who needs to conduct Data Protection Audits in their own organisation, or on contractors that make use of your organisation’s personal data to provide services on your behalf. It will provide auditors with the necessary skills to carry out these tasks in a planned and systematic manner. Data protection and/or specialised audit staff can use the manual to audit one process, such as recruitment; one department, such as marketing; or the use of personal data throughout your entire organisation. As a result, you will gain the confidence to build and maintain an adequate compliance programme.

What You Will Learn

You will be given the skills to audit observed practice against your organisation’s Data Protection Policy and Procedures:

• Plan for a Data Protection Audit including carrying out risk assessments, drawing up internal audit schedules, dealing with pre-audit questionnaires and holding preparatory meetings.
• Carry out an Adequacy Audit by reviewing Data Protection documentation and compiling an Adequacy Audit report.
• Prepare for the Compliance Audit by drawing up Functional and Process Audit checklists and an Audit Plan.
• Conduct on-site Compliance Audits involving Opening Meetings, Functional and Process Audits and Staff Awareness interviews.
• Report your findings via a Compliance Audit Report and associated Non-compliance
• Records and Observation Notes.
• Conduct a Closing Meeting and deal with any Audit Follow-up.
• All participants will receive a recruitment audit checklist.

Practical Sessions

Throughout the course you will be given opportunities to develop and try out your practical skills via individual and small group working. These highly interactive practical sessions include:

Using Pre-Audit Documentation including -

• Pre-Audit Questionnaires
• Audit Management Checklists
• Audit Plan and Audit Checklists

Practical Auditing including -

• Documentation Review
• Functional or Vertical Audits
• Process or Horizontal Audits

Interaction with Company Personnel via -

• opening and closing meetings
• staff awareness interviews
• Closing Meetings

Audit Reporting including -

• Adequacy Audit Report generation
• Non-compliance/Observation Records
• Compliance Audit Reports

Basic Data Protection Act Knowledge Required

This two day training course is designed for Data Protection Managers and other personnel familiar with data protection and privacy issues but who have had little or no experience of practical auditing. If you do not understand the detailed requirements of the Data Protection Act, then Privacy Laws & Business recommends that you attend one of its Introduction to Data Protection workshops before you attend the Audit Workshop.

Price: £950 + 17.5% VAT

15% discount for multiple participants from the same organisation.

***Certificate of Participation awarded***

If you have problems registering online please contact the Privacy Laws & Business office on +44 (0)20 8868 9200 or info@privacylaws.com.

Workshop Leader

Valerie Taylor is a Privacy Laws & Business consultant and a qualified solicitor specialising in data protection, IT and intellectual property law. She qualified as a solicitor at Clifford Chance, and went on to work in the legal department of the Royal Mail Group plc where she was the principal data protection adviser. Valerie advises clients on all aspects of data protection and freedom of information business policies and procedures, is a contributing editor to the Privacy Laws & Business UK Newsletter, and is an accredited tutor for the ISEB DP qualification.

Back to top of page