What are the indicators that data protection compliance is being managed well or not? What are the most important checks to carry out? Which checks are quick and relatively easy indicators of an effective compliance framework?

Basic checks can help to identify systemic problems with the compliance framework, for example that no one is taking responsibility for data protection, whether through lack of knowledge, time or inclination, or that there is no data protection training programme in place.

Here are some suggestions for the top data protection compliance checks that are quick and reasonably straightforward:

  1. Ask to see the organisation’s data retention policy. Ask one or two colleagues whether their departments follow the retention periods in practice.
  1. Walk around the offices, preferably just after most people have left, and form a view of the general tidiness of the office: whether paperwork has been left on desks, whether computer screens are still switched on and whether cabinets are locked. Check printers and photocopiers for “orphan” documents and check that confidential waste bins are not overflowing.
  1. Ask to see the contracts register. Are contracts involving data processing flagged or highlighted in some way?
  1. Ask to see the training policy and any records of employee training on data protection.
  1. Check the organisation’s website and look for a) a cookie consent banner, b) a privacy policy comprising a privacy notice and a cookie policy. (The difference between these policies and notices, and their role, is explained in our recent article “Top five data protection definitions” here: https://dataprotection.me.uk/top-five-data-protection-definitions/)

Routine compliance checks are at the heart of demonstrating compliance, which is necessary to meet the GDPR principle of Accountability. If you do not have the time or inclination to carry out these checks yourself, think about outsourcing them to professionals who can also advise on ad hoc issues and provide peace of mind that the increasingly important area of data protection compliance is not being overlooked.

Mandy P Webster, Data Protection Consultant

Data Protection Consulting – supporting clients with data protection compliance services since 1999