Hi
I think you have a few options: internal audit; audit by your legal team; external specialist; voluntary ICO audit.
It depends on what you want to achieve. Do you want a gap analysis on policies for example or more broadly on overall compliance? Review of GDPR implementation? More in-depth review of the specific documents?
We had a recent internal audit, but it was a high-level one of our GDPR implementation plan and not on compliance itself. Not sure if this sounds too basic, but could you start with a list of the requirements and do your own gap analysis, then have someone review that? The less time you talk to legal, the less it will cost :-) That document could then form the basis of your proof of a compliance framework.
Victoria Blyth
Information Strategy Manager
Information Management Team
London Borough of Barnet, North London Business Park, Oakleigh Road South, London N11 1NP
Tel: 020 8359 2015
-----Original Message-----
From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Danny Budzak
Sent: 19 June 2019 09:50
To: [log in to unmask]
Subject: [data-protection] QA review of GDPR work?
Hi,
I have recently been involved in creating a DPIA, Privacy Notice and Consent Form for the use of biometric data for construction site access. Very interesting too! This involved working very closely with our lawyers and I found the whole exercise really useful and helpful. (As an aside, which may help others, we have had the consent form and privacy notices translated into eight languages which are likely to be the main ones spoken on the site. We have done this on the basis of making sure people are clear what they are consenting to.)
I am now wondering whether to ask the lawyers to do a QA (quality assurance) review of some of our other GDPR work. There is no one else in the organisation apart from me who works on data protection issues and there is not a pool of that level of expertise.
It is not about creating policies, privacy notices and DPIAs from scratch - we have those - it's about someone reviewing them who has the expertise to do so. Has anyone else done this?
thanks + rgds
Danny
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^