Data protection compliance—self-audit
Data protection compliance—self-audit

The following Risk & Compliance precedent provides comprehensive and up to date legal information covering:

  • Data protection compliance—self-audit

Lawfulness, fairness and transparency

ICO expectationLexisNexis® guidanceLexisNexis® Precedents and tools
☐  Conduct information audit to map data flowsData protection compliance planning—Data mappingSample data processing map
Data mapping—internal questionnaire
☐  Document what personal data you hold, where it came from, who you share it with and what you do with itThe General Data Protection Regulation (GDPR)—AccountabilityData processing register
☐  Identify and document your lawful bases for processingProcessing personal data—lawful processingData processing register
☐  Review how you ask for and record consentProcessing personal data—standard of consent
Processing personal data—obtaining, recording and managing consent
Consent to process personal data—sample wording
Preference centre supplier questionnaire
☐  Implement systems to record and manage ongoing consentProcessing personal data—obtaining, recording and managing consentPreference centre supplier questionnaire
☐  Implement systems for obtaining and managing children’s consent to process personal data for online services (if relevant)Children and data protection law
Children and data protection lawR—code of practice for online services
To follow
☐  Clearly document the circumstances where you may be required to process data to protect the vital interests of an individual (if relevant)Processing personal data—lawful processing
This is most likely to be relevant in the context of the employment relationship
Policy—data protection
☐  Conduct a legitimate interest assessment, where you rely on legitimate interests as the lawful basis for processingProcessing personal data—legitimate interests
Processing personal data—conducting a legitimate interest assessment
Processing personal data—legitimate interests—practical examples
Legitimate interest assessment—data processing—short form
Legitimate interest assessment—data

Popular documents