Why an audit?
Our consultancy provides a detailed review of your readiness for GDPR and an action plan of what to do to ensure compliance. Whilst the audit takes several days, we need only one day in school with you and your staff.
We start with an initial telephone call to plan out the day spent with you - what information is needed and who will need to be available. This is likely to be a mixture of governance staff and those with an operational focus - the Head, the IT Manager, the Business Manager, possibly the Chair of Governors and other members of the senior staff.
The day will be spent gathering information and also explaining why it's needed for GDPR compliance. It includes:
- An analysis of your school's processes and procedures relating to data management, governance and risk management
- A full review of the information management systems in place including a high-level data inventory, to log where and how personal data is stored
- A review of how well you are meeting the GDPR Data Principles:
  - Collection and purpose of processing
  - Quality and completeness
  - Data retention
- A review of whether any international data transfers apply to your school
- How ready you are to respond to a data breach
- Your understanding of the Rights of Data Subjects, and your ability to respond to a subject access request
- A review of awareness training and organisation-wide data protection by design
- Roles and responsibilities, including your school's requirement for a Data Protection Officer
- Your organisation's ability to manage a large-scale compliance project