The Audit Function
Why Do We Need To Audit GDPRiS?

What are the tasks of the DPO?
- To inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws.
- To monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advising on data protection impact assessments, training staff and conducting internal audits.
- To be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers, etc.).
What Does An Audit Involve?

This is an opportunity to "stop the clock":
- For the school manager to periodically check data protection activities and to facilitate understanding
- For the DPO to check that all aspects of compliance requirements have been met
- To identify any gaps and enable schools to address those needs
SCHEDULE AUDIT REQUIREMENTS - The school manager and DPO can set audit reminder dates
SEE PROGRESS - The school manager and DPO can see the progress of audits
WHAT CAN BE AUDITED?
- The supplier (data processor) mapping
- The supplier (data processor) data sharing agreements and security questions
- Departmental questionnaires, including:
  - Leadership
  - School-Wide Support
  - Reviews and Improvements
- Privacy Impact Assessment questionnaires
- Staff Self Assessment Questionnaires (SAQs)
Identify Any System Gaps - The school manager and DPO will ensure that all responses reflect GDPR compliance. The reports will also help school managers and DPOs identify any gaps in their compliance journey (where non-compliant responses are made). Highlighting the gaps that exist and need to be filled enables the school to focus on the work and resources required to achieve and maintain compliance.
REPORTS - The following reports will be available:
- List of staff SAQ replies
- Suppliers/Services
- Data mapping query
- Internal Review
- Suppliers documentation/uploads
- Breaches
- List of training documents