Last week we provided you with the initial building blocks for your data protection audit routines – below is the second instalment.
Training – a key element to creating a culture conscious about data compliance, your audit routine will want to ensure everyone has had the relevant training (along with regular refreshers and records kept) so they’re up to speed with your policies, practices and what’s expected of them. We can support with data protection training – find out more.
Impact assessments – have you introduced a new computer system or marketing platform? You’ll need an impact assessment. Our data protection toolkit has extensive guidance for impact assessments – find out more.
Data subject access requests (DSAR) – maintain a DSAR log to ensure they’re being recorded and responded to appropriately. Keep track of deadlines, follow up actions and any requests you’ve made from the individual (requests for ID and admin fees, for example).
Privacy notices – they’ll need to be a regular feature in your audit routine to ensure they keep pace with your data processing practices and you’re communicating any updates necessary. You’ll find what you need in our previous updates.
In our next update, we’ll explore what great data protection training looks like.
Get in touch if you’d like to access our Data Protection Toolkit or need support carrying out an audit of your data protection practices.