Auditing & Data Mapping

A data protection audit assesses your organisation's current practices to highlight where any compliance gaps exist, which then allows your organisation to understand what remedial actions require to be implemented to improve compliance.

A data mapping exercise allows your organisation to understand the lifecycle and flow of personal data in your organisation to allow your organisation to complete its record of processing activities and to understand where remedial actions require to be implemented. 

During a mapping exercise, we look at:

  • What personal data your organisation collects and to whom it relates
  • Why it is collected (and the legal basis applied to the processing purpose)
  • How it is collected
  • How and where it is stored
  • Who it is shared with
  • How it is destroyed (if ever!)

Why do an audit?

There are many reasons for undergoing an audit – you might be preparing your organisation for sale or investment; you may be new to data protection laws and wish to better understand what your organisation needs to do to meet compliance; or you may wish to re-assess/refresh your existing practices.

Auditing methods

While we generally recommend that face-to-face audits (with interviews) are most beneficial for clients, we can undergo an audit in any way that works best for your organisation, such as:

  1. Desktop audit: We perform the audit remotely and (i) prepare and provide a tailored questionnaire for completion by the organisation (with guidance); and (ii) review completed questionnaires, alongside any existing written policies, procedures, privacy notices and contracts.
  2. Interview audit: This involves us interviewing key personnel from the various business functions of your organisation to fully explore the flow of data in the organisation. We also attend your premises to audit the physical security (and test you visitor procedures). As part of this process, we then review the interview responses, physical security findings and all relevant documents.
  3. Tools: If you would prefer to do the audit independently, we can provide you with tailored tools to do this. We will also be on hand to assist with any specific or ad-hoc queries that you may have.

Action report and traffic-light system

Following a desktop or interview audit, we will prepare an audit report with our findings. This report includes an action plan for any remediation recommendations, which is presented as a colour coded traffic-light system to assist your organisation to prioritise its road to compliance.

Remediation recommendations

We can assist to remedy any compliance gaps identified. Please see here for further information on the other services that we can offer.

Our experience

Our Data Protection & Cyber Security lawyers have extensive experience assisting clients of varying sizes and group structures with audits and data mapping exercises.

Our clients operate in varying sectors including, for example, charities and the third sector, logistics, manufacturing, health and life sciences, media and pension schemes.

We have also assisted clients with multi-jurisdictional audits and can act as lead counsel when input is required from local solicitors (for example, to account for the derogations among the EU members states).

Latest updates from @MacRoberts

  • To celebrate the Olympic Games in Tokyo, we're delighted to launch our latest sporting challenge in support of our… 23/07/2021
  • MacRoberts is recruiting! We are currently looking for a Real Estate Planning Solicitor to join the MacRoberts tea… 23/07/2021
  • The countdown is on! With just 100 days to go, we’re looking forward to #COP26 in Glasgow! ♻️ As a firm accredite… 22/07/2021
  • Has lockdown led you to consider a move to the countryside? From discussing a possible purchase to obtaining the… 22/07/2021
  • Have you seen our latest vacancies? 💼 We currently have opportunities in various departments across the firm. Fin… 21/07/2021
  • Acas has published new guidance for employers with helpful information on #flexibleworking & #hybridworking. With t… 20/07/2021
  • Busting the myth that a career in law is only for the privileged few: @marikaflawyer is speaking at this morning’s… 19/07/2021
  • MacRoberts is recruiting! We are currently looking for a Support Services Assistant to join our team in Edinburgh.… 16/07/2021
  • MacRoberts is pleased to have been part of the team advising @HV_Systems in its £5m capital boost from Beehive Equi… 15/07/2021
  • MacRoberts is recruiting! We are currently looking for a NQ Solicitor to join our Conveyancing & Private Client te… 14/07/2021
  • For the last of our IGTV mini-series, we hear from Katie MacLeod. She will be giving an insight into what it’s like… 14/07/2021
  • RT @marikaflawyer: Exciting opportunity for Associate in our award winning Family Law team #familylaw #LegalCareer 14/07/2021
  • MacRoberts is recruiting! We are currently looking for an Associate to join our Family Law team in Edinburgh or Gl… 14/07/2021
  • Last week, the UK Government took the decision to relax the rules on the length of time lorry drivers can work as a… 13/07/2021
  • Did you know that we are on Instagram?😜 Follow our page for all the latest legal updates, exclusive IGTV’s and mor… 09/07/2021