Compliance audit and remediation
Before laying the foundations of a good privacy management programme, you need to assess your organisation’s state of compliance with current data protection legislation.
We have extensive experience in carrying out data protection audits, implementing gap analysis exercises, and undertaking subsequent remediation work to ensure that your organisation is compliant. For us, this is not just a ‘tick-box exercise’; we will assess your organisation’s compliance based on how you use personal data and the risks associated with using it in this way.
Our approach to audit remediation is meticulous. We explore all aspects of data processing within your organisation and benchmark this against current data protection laws and regulations. For any gaps we identify, we provide observations and recommendations so that your organisation can rectify any areas of concern.
The kick-off meeting and audit strategy
We will get together to establish the scope of the audit and obtain an overview of your organisation’s data processing activities, including a review of the current privacy programme in place.
To develop a complete understanding of the personal data being processed, we will identify key areas of your business where the processing is being undertaken and arrange meetings with individuals in these areas. As part of the kick-off meeting, we will also request copies of documentation to assess your internal compliance with privacy practices mandated in your policies and procedures. Upon completion of the audit, we will provide you with a simple, easy-to-use report containing our observations and recommendations to enable you to remediate any identified gaps.
The remediation project
We will work with you to review the recommendations identified in the audit report and create an executable remediation project plan to ensure that your organisation remedies any deficiencies in compliance with data protection legislation.
Assurance and continuous monitoring
Upon completion of any remediation work, we will carry out an assurance exercise, setting up monitoring processes to ensure that appropriate data protection actions have been fully embedded and are being followed within your organisation.