EasylifeIT™ GDPR Scoping Audit

Written by James Allison. Posted in Expert Articles

Introduction

As ‘Step 2’ of its ’12 steps to take now’ guidance on preparing for the General Data Protection Regulation (GDPR), the Information Commissioner’s Office (ICO) recommends that organisations should:

“document what personal data you hold, where it came from and who you share it with.  You may need to organise an information audit.”

Implementing the GDPR could have significant resource implications, especially for larger and more complex organisations. However, the size of your company is not the only determining factor.  Smaller companies may need to commit a disproportionate amount of effort to achieve compliance, particularly if their main business activities require them to control and/or process large volumes of personal data.

An important starting point therefore is to make a short but structured assessment to identify:

The output of this initial study will then help to determine what the next steps should be, whether you have the right skills / resources at your disposal, and how best to focus those resources.

EasylifeIT™ GDPR Scoping Audit

EasylifeIT can help by facilitating and documenting this initial information audit.  The primary aim is to identify areas of the business that are likely to process personal data, and in particular any sensitive personal data.

Areas to be assessed very early on in the process of GDPR compliance are typically:

Therefore, in order to maximise the value of the audit, decision makers representing each of the company’s key data processing functions would need to be involved in the process.  EasylifeIT’s consultant will spend one day on-site working directly with those nominated decision makers.

GDPR requires organisations to document what personal data they hold, where it came from and who they share it with. Specifically therefore, EasylifeIT’s Scoping Audit will seek to gather information about the following:

In addition, the ICO has also designed a basic tool set to help organisations get prepared for the new legislation. It helps introduce some of the concepts companies will need to get to grips with a little later on. These include: the new rights of individuals, handling subject access requests, consent, data breaches and designating a data protection officer.

https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/ 

As part of EasylifeIT’s Scoping Audit, our consultant will also run through these questionnaires with the company’s designated decision makers. This will provide another useful measure of the company’s current level of GDPR preparedness and the gap (if any) which needs to be closed. Analysis of this will be included in EasylifeIT’s report which will be provided as part of the Scoping Audit.

Deliverables

A 2-day programme of work, comprising:

JAMES ALLISON

STRATEGIC IT CONSULTANT. EASYLIFEIT NORWICH
JAMES IS AN EXPERIENCED AND VERSATILE BUSINESS PROFESSIONAL WHO HAS WORKED ACROSS MULTIPLE SECTORS. HE PROVIDES COMPLEMENTARY SKILLS TO EXECUTIVE TEAMS, ADVISING ACROSS A RANGE OF DISCIPLINES INCLUDING IT STRATEGY, BUSINESS CONTINUITY PLANNING AND IT PROJECT MANAGEMENT.