How to conduct an audit of HR personal data for the UK GDPR
Author: Heledd Lloyd-Jones
Summary
Click on any of the hyperlinks to go to more detailed guidance below.
- Understand that a data protection audit is an important tool for employers in complying with the requirements of the UK GDPR and the Data Protection Act 2018.
- Establish the scope of the HR personal data audit, including the categories of personal data to be captured and the treatment of legacy data, before starting.
- Prioritise the data to be audited and create a projected timeline for completing the audit.
- Understand how the information collected will be used to identify compliance gaps.
- Devise a methodology to collect the information required.
- Determine the format for recording the results of the data audit, including compliance gaps, recommendations and corrective actions taken.
- Use relevant information from the data audit to populate and maintain the organisation's data register.
- Implement processes for updating audit documentation and maintaining the data register, and ensure that these are referenced in applicable data protection policies and procedures.
To continue reading, register for free access now.
Register now
Already a Brightmine HR and Compliance Centre user?
Log in
