The Information Commissioner, who is responsible for enforcing and promoting compliance with the UK General Data Protection Regulation (the UK GDPR), has identified audit as having a key role to play in educating and assisting organisations to meet their obligations. As such, the Information Commissioner’s Office (ICO) undertakes a programme of consensual and compulsory audits across the public and private sector to assess their processing of personal information and to provide practical advice and recommendations to improve the way organisations deal with information rights issues.
This document outlines how ICO will carry out data protection audits in organisations.