Data protection compliance—self-audit

The following Risk & Compliance precedent provides comprehensive and up-to-date legal information covering:

  • Data protection compliance—self-audit

Lawfulness, fairness and transparency

| ICO expectation | LexisNexis® guidance | LexisNexis® Precedents and tools |
| --- | --- | --- |
| ☐ Conduct information audit to map data flows | How to manage data protection compliance—Data mapping | Sample data processing map<br>Data mapping—internal questionnaire |
| ☐ Document what personal data you hold, where it came from, who you share it with and what you do with it | Introduction to the EU GDPR and UK GDPR—Accountability and governance | Data processing register |
| ☐ Identify and document your lawful bases for processing | How to process personal data lawfully | Data processing register |
| ☐ Review how you ask for and record consent | Processing personal data—standard of consent<br>How to manage consent—personal data | Consent to process personal data—sample wording<br>Preference centre supplier questionnaire |
| ☐ Implement systems to record and manage ongoing consent | How to manage consent—personal data | Preference centre supplier questionnaire |
| ☐ Implement systems for obtaining and managing children’s consent to process personal data for online services (if relevant) | Children and data protection law<br>Children and data protection law—the age appropriate design code (children’s code) | Mobile app privacy information for children aged 6 to 9—generic<br>Mobile app privacy policy for children aged 10 to 12—generic |
| ☐ Clearly document the circumstances where you may be required to process data to protect the vital interests of an individual (if relevant) | How to process personal data lawfully<br>This is most likely to be relevant in the context of the employment relationship | Policy—data protection |
☐  Conduct a legitimate interest assessment, where you rely on legitimate