Auditing data protection

The day long course considers how an organisation can assess data protection compliance and identifies the key audit controls through which data protection practices and procedures can be monitored. The course is designed for auditors who do not have detailed data protection knowledge.

Contents include: examination of assessments which do not involve access to personal data: management structures; Data Protection Officer status; training and staff awareness; contracts with data processors. Software. Privacy Impact Assessments. Auditing which requires access to personal data: assessment of compliance with principles (e.g. collection of personal data; legal basis of processing), notification, dealing with data subject rights, security of processing, transfers outside the EEA.