How to conduct an audit of HR personal data for the General Data Protection Regulation (GDPR)
Author: Heledd Lloyd-Jones
- Understand that a data protection audit is an important tool for employers in complying with the requirements of the GDPR and the Data Protection Act 2018.
- Establish the scope of the HR personal data audit, including the categories of personal data to be captured and the treatment of legacy data, before starting.
- Prioritise the data to be audited and create a projected timeline for completing the audit.
- Understand how the information collected will be used to identify compliance gaps.
- Devise a methodology to collect the information required.
- Determine the format for recording the results of the data audit, including compliance gaps, recommendations and corrective actions taken.
- Use relevant information from the data audit to populate and maintain the organisation's data register.
- Implement processes for updating audit documentation and maintaining the data register, and ensure that these are referenced in applicable data protection policies and procedures.