
Data Protection Audit Guide

This document appears to be an audit checklist for assessing an organization's compliance with data protection requirements. It addresses issues related to organizational management of data protection, documentation, key business processes, the eight data protection principles, and other issues like using data processors and notification. The checklist contains over 100 questions organized across these topics, with space to note the document references, comments, and audit results for each item.

IC E: Adequacy Audit Checklists


Organisation Department Date

Aspect E.1 Organisational and Management Issues Auditor Audit ref:

Data Protection Issue Document reference(s) Comments Result


E.1.1 The Data Protection System
a) Data Protection Policy

b) Staffing and Reporting Structures

c) Staff Awareness & Training

d) Planning and Implementation

e) System Audit and Review

E.1.2 Documentation Issues


a) Data Protection Procedures

b) Job Descriptions and Staff Contracts

c) Data collection

E.1.3 Key Business Processes


a) Key Business Processes

KEY:  = Issue addressed adequately ? = Issue not addressed adequately  = No reference found to issue in documentation

Version 1 page E.1 June 2001



Aspect E.2 The Eight Data Protection Principles Auditor Audit ref:


E.2.1 The First Principle
a) Categories of Personal Data

b) Schedule 2 - Grounds for Legitimate Processing of Personal Data

c) Schedule 3 - Grounds for Legitimate Processing of Sensitive Personal Data

d) Obtaining personal data

e) Lawful Processing

f) Fair Processing

g) Exemptions from the First Data Protection Principle

E.2.2 The Second Principle


a) Uses of Personal Data within the organisation

b) Use of Existing Personal Data for new purposes

c) Disclosures of Data

E.2.3 The Third Principle


a) Adequacy and relevance of Personal Data

E.2.4 The Fourth Principle


a) Accuracy of Personal Data

b) Keeping Personal Data up-to-date

E.2.5 The Fifth Principle


a) Retention Policy

b) Review and deletion of Personal Data

E.2.6 The Sixth Principle


a) Subject access

b) Appropriate withholding of personal data in response to a subject access request

c) Processing that may cause Damage or Distress

d) Dealing with Notices served by individuals

e) Automated Decision Taking

f) Rectification, blocking, erasure and destruction

g) Staff awareness


E.2.7 The Seventh Principle
a) Security policy

b) Unauthorised or unlawful processing of data

c) Ensuring reliability of Staff

d) Destruction of Personal Data

e) Contingency Planning - Accidental loss, destruction, damage to personal data

E.2.8 The Eighth Principle


a) Adequate Levels of Protection

b) Exempt transfers

Aspect E.3 Other Data Protection Issues Auditor Audit ref:


E.3.1 Using Data Processors
a) Choosing a Data Processor

b) Contract Initiation

c) Contract review

d) Contract modifications

e) Contract breaches

E.3.2 Notification
a) Notification to the Commissioner

b) Notification Maintenance

E.3.3 Transitional Provisions
a) Processing Already under way
determined

b) The first and second transitional periods
