Data Protection audit Programme // IT Management Solutions

By Louise Webb

In the last couple of years, there have been some big changes in the way that we deliver our data protection audit programme. We have been busy trying to encourage businesses and public authorities to see the benefits of having an audit and we have expanded our team to make sure we can meet demand.

Despite the audits being free, and even though we have made a commitment to not issue any monetary penalties if we do find any big problems, it can still be an uphill struggle to get organisations to see the benefits.

To help tackle these problems, we have focused on making sure we are clear on what an audit involves, by publishing our guide to data protection audits and summaries of audit reports. We have proactively approached organisations to ask them to agree to an audit, and where the evidence has supported it, we have asked to extend our compulsory audit powers.

We have also implemented a risk-based approach to our work, to help us prioritise who we audit and when. This means we are now working with some of the biggest public and private organisations to help them keep personal data secure, and this has provided exciting opportunities for the team to share good practice across a range of businesses and public bodies. We publish summaries of our audit reports on our website.

However, we have recognised that ‘one size doesn’t fit all’. The audits are very helpful to larger organisations who already have the basics in place and understand their obligations, but need some help in making sure they are doing all that they can. This leaves a lot of small and medium-sized organisations who would really benefit from our help but for whom an in-depth audit might be too detailed.

Advisory visits

To help with this, we have started a programme of advisory visits to help these organisations learn how to get data protection right. This involves a one-day visit from a member of our good practice team to see what they do with data and how they do it. The aim is to help small businesses, charities and smaller public authorities who may be struggling to understand what they need to do about data protection and need some basic, practical advice. The visits aren’t as detailed as an audit, but instead focus on general advice and recommendations.

The visits are aimed at small and medium-sized organisations that are processing significant volumes of personal information, or sensitive personal data. These might include charities working with vulnerable people, local housing associations, smaller health practices or colleges and education providers.

During the visits we identify what organisations are doing well and what they need to improve, and provide practical recommendations and suggestions to put things right. On the day, we focus on areas such as security, records management and requests for personal data. The visits are also flexible enough to provide an opportunity to ask us questions.
