Following pre-audit discussions with organisation, it was agreed that the audit would focus on the following areas:

1. Data protection governance – The extent to which data protection responsibility, policies and procedures, performance measurement controls, and reporting mechanisms to monitor NDPR compliance are in place and in operation throughout the organisation.
2. Security of personal data – The technical and organisational measures in place to ensure that there is adequate security over personal data held in manual or electronic form.
3. Requests for personal data – The processes in place to respond to any requests for personal data. This will include requests by individuals for copies of their data (subject access requests) as well those made by third parties and sharing agreements.