The Service

Data Protection Audits are used to assess an organisations current state of data protection compliance.

A Data Protection Audit will help you review and assess the adequacy of your controls, policies, and procedures. It can help to demonstrate that your organisation is meeting your obligations under whichever data protection regulations apply in your jurisdiction, and across others which your company may have operations in or transfer personal data from. Worldwide there are many different regulations, such as the GDPR (EU), CCPA (California) PDPA (Singapore) or LGPD (Brazil).

If your organisation needs an audit just focusing on your GDPR compliance, please view our GDPR Audit service page.

These services can be carried out remotely.

The Benefits

  • Gain understanding of the maturity your organisation has currently in relation to data protection compliance

  • Demonstrate your commitment to compliance to your customers and the applicable regulator(s)

  • Obtain a clear road path to demonstrate alignment with data protection laws

  • Avail of subject matter expertise and practical recommendations from very experienced consultants

  • From conducting a number of similar audits, we can share best practice advice and provide recommendations for continual improvement

  • Benefit from a neutral assessment with an unbiased perspective

The Challenge

Whether you have already implemented a compliance programme or are at the beginning of your journey, a data protection audit will help you understand what is required to improve and demonstrate your compliance.

Like many organisations however, you may not have the necessary expertise internally or the resources to fund the training of staff to conduct data protection audits. Additionally, you may wish to audit your processes using external specialists to provide further reassurance to your staff and customer of your commitment to data protection compliance.

You can use our data protection audit to review your compliance with data protection laws in full or to target functions, departments or even 3rd party organisations providing data processing or data controlling services.

Our Process

At BH Consulting, we understand that you may find data protection compliance daunting and complicated. Our consultants have an in-depth understanding of the requirements of various data protection laws and how they should be met. They also have extensive data protection and information security project management expertise.

Our Data Protection Audit will help you understand your current level of compliance with data protection laws eg: GDPR, PDPA, CCPA and provide you with practical recommendations on what is needed to improve.

Our Audit process is based on the requirements of the client and the drivers behind the need for the audit. The general aim of this audit is to determine if appropriate controls have been implemented to ensure your organisations compliance with the specific aspects of data protection legislation and regulations including areas such as these, where appropriate:

  • Scope of compliance

  • Data protection governance and oversight function (DPO role) within the organisation

  • Implementation of a data protection policy and supporting policy framework, such as:

      • General data protection policy
      • Subject access request policy and procedure
      • Breach incident management policy and plan
      • Data mapping records
      • Data privacy impact assessment procedure & questionnaire
      • Retention policies & timelines
  • Existence of data processing agreements with third parties such as vendors and customers

  • Employee privacy notice, employment contracts and employee handbook

  • Existence of records of processing activities

  • Staff training: materials, training records and plans for future training

  • Appropriate international data transfer mechanisms

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.