Wellers Law Group was instructed by a Human Resource events company to conduct a data protection audit of its business to (i) identify whether its processing of personal data complied with existing data protection and privacy laws, (ii) if not, identify what steps it needed to take to make sure its use of data was compliant and (iii) establish what actions were necessary to ensure its business was ready for the new data protection rules coming into force in May 2018.

Carrying out a Data Protection Audit:

A Case Study

DATA PROTECTION QUESTIONNAIRES

Wellers assisted with tailoring data questionnaires for every type of data the company holds, enabling the business to provide information to Wellers about its own use of data.

IDENTIFYING COMPLIANCE WEAKNESSES

By reviewing the completed questionnaires Wellers was able to identify areas where the company is failing to comply with data protection rules.

ASSESSING RISKS OF DATA PROTECTION BREACH(ES)

Once the areas of non-compliance were identified, Wellers and the client assessed the risk(s) of the company breaching data protection law. In particular, they saw that the use of personal devices by employees was unrestricted, which exposed the company to a significant risk of data breaches in the event of loss or misuse of these devices. Other failures were assessed in the same way.

IDENTIFYING COMPLIANCE SOLUTIONS

Having completed the previous steps, Wellers worked with the client to identify solutions to every area of failure. These included putting a policy in place around the use of personal portable devices by employees, updating the data retention policy and instituting a training programme throughout the organisation.

PLANNING FOR THE NEW REGIME

Wellers identified numerous areas where the company needs to make changes to comply with the new data protection regime when it takes effect in 2018. It agreed with the client on a process and timetable for the introduction of these measures, including the appointment of a Data Protection Officer, a breach response plan and the issue of new customer information notices.

If you have any doubts about whether you comply with the incoming data protection regime please contact Parmjit Bhogal on 020 7481 2422 or email parmjit.bhogal@wellerslawgroup.com