05.04 – Audit Objectives

When carrying out a Data Protection Audit in any area of an organisation the Auditor has three clear objectives:

To verify that there is a formal (i.e. documented and up-to-date) data protection system in place in the area
To verify that all the staff in the area involved in data protection:
- Are aware of the existence of the data protection system
- Understand the data protection system
- Use the data protection system
To verify that the data protection system in the area actually works and is effective

Freelance DPO