05.01 – Statement of Policy

The Data Protection Compliance Audit policy enables <<Organisation>> to establish good practices around the use and handling of information, promote a culture of awareness and improvement, to understand their responsibilities and accountability, and comply with relevant legislation including the General Data Protection Regulation (GDPR). Its aim is to provide employees with a framework that ensures appropriate use of personal data and provide assurance that the <<organisation>> acts responsibly to protect the personal data it processes.

This policy, and associated process documentation, identifies the importance of data protection compliance auditing and clearly outlines how this should be undertaken. The purpose of this policy is to provide relevant <<Organisation>> employees with the necessary understanding of the <<organisation>> data protection compliance audit process and their responsibilities within. It will assist the management, in their role as Data Controller, to gain assurance that all data processed through <<organisation>> systems is compliant with the data protection principles.

Information is a powerful tool and a vital asset, in regard to both law enforcement processing and the management of services and resources across the <<organisation>>. It is of paramount importance that employees have access to the information they need to undertake their duties safely and effectively, but also that confidential and sensitive information remains secure. This applies to information relating to the organisation, its employees and the public. It is also vital that appropriate policies, procedures and processes provide a solid foundation for data protection compliance across the entire <<organisation>>.

Applies (but not limited) to: All categories of <<organisation>> employees, whether full-time, part-time, permanent, fixed term, temporary (including agency staff, associates and contractors) or seconded staff. Any employee accessing and using <<organisation>> assets and property must have due regard to the contents of this policy.