The purpose of the audit is to provide the DPO and the organisation with an independent assurance of the extent to which the organisation, within the scope of this agreed audit is complying with the GDPR.

The recommendations made are primarily around enhancing existing processes to facilitate compliance with the GDPR

Overall Conclusion: Reasonable Assurance

The arrangements for data protection compliance with regard to governance and controls provide a reasonable assurance that processes and procedures are in place and being adhered to. The audit has identified some scope for improvement in existing arrangements.

We have made 1 limited and 2 reasonable assurance assessments of scope areas where controls could be enhanced to address the issues which are summarised below and presented fully in the ‘detailed findings and action plan’ at section xxx of this report