The first question to ask yourself when determining whether a GDPR assessment is necessary is: does my business deal with personal data? This includes not only your customer data but also your supplier data, past and present employees’ data, and anything else you’ve collected that doesn’t fall into any of these groups. If you are routinely collecting any of this data you should undertake a GDPR assessment, whether the data is on a spreadsheet, on your computer network, your mobile phone, or in the cloud.
A GDPR assessment provides an estimate of the ongoing process in your business, in terms of the risks and benefits which need to be considered in order to achieve compliance with the GDPR. If you are an SME, micro business, self-employed person or home-based business and are unsure about the need for a GDPR assessment, your first step should be to talk to a qualified GDPR and data protection specialist about your specific requirements. A free introduction service is offered by the GDPR Consultant.
A GDPR data audit plays a key role in assisting your business to understand and meet your data protection obligations. The GDPR audit looks at whether you have effective controls in place, alongside fit-for-purpose policies and procedures, to support those obligations. Your business will benefit from the knowledge and experience of a GDPR audit, and it is an opportunity to discuss relevant data protection issues.
Once a GDPR audit is undertaken, most small business owners are very surprised at just how much personal data they store and process. Many who consider themselves compliant without going through the correct process, or who put their trust in legally unqualified advice, are very likely to find themselves falling short of GDPR compliance, so it goes without saying that your GDPR audit should always be carried out by a qualified GDPR legal professional.
The GDPR audit will determine what kind of data is collected and stored, how it is processed, who has access to the data and for how long it is retained. The complete list of checks will then be based on the type and size of your business and your processing complexities. Without a data audit to ensure full GDPR compliance, you could be operating illegally, so further to taking advantage of free GDPR legal advice, an audit is likely to be your next step towards compliance.