Auditing
Privacy Laws & Business has an experienced multi-disciplinary team of data protection consultants and auditors who undertake a wide range of UK and international projects across all market sectors.
These services include conducting gap analyses, audits and data protection audit workshops.
Our auditing services include:
- Gap analyses for clients without data protection systems
- Data protection audits for clients with existing systems
- Global data protection audits for multinational companies
- Both in-house and public audit training courses in the use of the UK Information Commissioner’s Audit Manual
- Producing customised auditing questionnaires and checklists for specific processes such as recruitment, marketing and complaint-handling.
Clients’ Audit Projects
Privacy Laws & Business auditors draw on their experience of preparing the Data Protection Auditing Manual for the UK’s Information Commissioner. Many of the techniques developed and lessons learned are applied to our clients’ businesses. Privacy Laws & Business has adapted the audit methodology to work successfully with clients’ processing of personal data and other countries’ laws. A typical audit project involves:
- Risk assessment
- Developing internal audit schedules and pre-audit questionnaires
- Holding preparatory meetings
- Conducting Adequacy Audits by reviewing data protection documentation and compiling Adequacy Audit reports
- Preparing for Compliance Audits by drawing up Departmental and Process Audit checklists and Audit Plans
- Conducting on-site Compliance Audits involving Opening Meetings, Functional and Process Audits and Staff Awareness interviews
- Reporting findings via Compliance Audit Reports and associated Non-compliance Records, Observation Notes and corrective action
- Conducting Closing Meetings and dealing with Audit Follow-up activities.
The methodology also has international application:
Accenture used Privacy Laws & Business as its auditor in several countries in Europe, North America and Asia. The auditors assessed the compliance of several of its global processes with its global privacy policy.
Hong Kong’s Privacy Commissioner for Personal Data used the Privacy Laws & Business audit team to train his staff on how to audit the processes relating to Hong Kong’s new electronic identity card for compliance with Hong Kong’s law. They now have a standard audit methodology, which they can use with confidence in other areas.