GDPR Auditing

GDPR Audit Services

A GDPR audit will provide an assessment of a business’s data protection practices and its compliance with the UK GDPR and the Data Protection Act 2018.

The ICO advises that audits are a key part of helping organisations understand and meet their data protection obligations: they confirm that controls are fit for purpose and that policies and procedures are effective in supporting and documenting compliance.

It is considered best practice to perform an audit to ensure there is an ongoing focus on protecting and managing customers’ data, that systems and staff are compliant with the regulations, and that the business is able to respond to any internal or external changes.

A GDPR audit will cover a significant amount of ground to test the approach to UK GDPR and Data Protection compliance.

We will obtain the information we need to complete the audit through the following:

  1. Review of relevant policies and other documents (see list below).
  2. Interview with the Data Compliance Manager and/or the Data Protection Officer and any assistants.
  3. Interviews with management and staff from all areas of the business. The interviews take the form of a Q&A that seeks to establish the general data protection knowledge of staff at varying levels of the business.
  4. Interview with the IT department or external IT support to discuss critical system protections, security and data storage.

A GDPR audit will cover the following key areas:

  • All policies, to ensure they are up to date with the latest regulations and legislation
  • Data Retention approach and management
  • System Security
  • Data storage processes (Internal and External arrangements)
  • Data management control
  • Data Portability
  • Cyber Crime Protection and Awareness
  • Remote working management
  • Terms and Conditions
  • Data Controller/Processor arrangements and agreements
  • Contracts
  • Customer Notices
  • Internal systems and controls
  • Staff Notices
  • Reporting
  • Breach Management
  • Breach Storage
  • Subject Access Request Management
  • ICO Reports and Engagement

Our GDPR audit will give the management of a business confidence that the business is compliant with the requirements of the regulation and is able to demonstrate that compliance.

We will identify any issues, concerns and knowledge gaps, and provide solutions and proposals to rectify them.

A GDPR audit is essential to maintain a compliant environment and to identify any issues that must be tackled.

To enquire about our auditing services and how AML and Compliance can work with your business, you can call us on 0203 985 8553, email us at or complete an enquiry form.

Contact Us

London Office:

St Magnus House,
3 Lower Thames Street,

Northern Office:

Cleveland Business Centre,
Oak Street,