05.02 – Policy Scope

<<Organisation>> has a statutory obligation to process personal data in accordance with the provisions of the GDPR.

This policy will ensure <<organisation>>'s compliance with the GDPR audit guidelines. It addresses the organisation's programs, initiatives, processes and systems involving the collection, use or disclosure of personal data.

All employees are required to understand their responsibilities under GDPR data protection legislation, with specific staff groups requiring more detailed knowledge of the <<organisation>> data protection compliance audit process. Data protection is the responsibility of ALL employees and this policy must be adhered to. This policy is triggered as soon as a system or process that processes personal data is identified as requiring an audit for data protection compliance.

If this policy is not adhered to and/or the data protection compliance audit process is not completed at the appropriate time, potential risks to the <<organisation>> include, but are not limited to:

  • Inability to secure and maintain individuals’ trust and confidence in the <<organisation>>
  • Damage to the <<organisation>>'s reputation
  • Failure to comply with relevant legislation, including demonstrating compliance with accountability obligations
  • The potential breach of GDPR data protection legislation, resulting in potential action being taken against the <<organisation>>
  • Inaccurate information being held, which could have an impact on operational and business requirements
  • Financial loss