Why should I undertake a Data Protection Audit?

It is very important to understand whether your privacy program is delivering the right results.

You need to ensure that your data protection risks are under control and don't pose a threat to your business or to your customers.

It’s a time for the organisation to take a step back from day to day activities, take stock of where they are at, identify their strengths and weaknesses and adjust their course.

How will a data protection audit help me?

The GDPR requires that organisations processing personal data can demonstrate compliance with data protection laws.

Independent audit helps an organisation to demonstrate compliance by performing an in-depth assessment of data protection compliance activities by:

  • Delivering a critical and bias-free assessment
  • Demonstrating your commitment to your compliance program
  • Identifying areas of weakness that contribute to data processing risks
  • Ensuring your resources are focused in the right place
  • Providing you with an action plan to take your program forward
  • Giving you confidence in your data protection compliance programme

What’s unique about a Data Protection Audit with Fort Privacy?

The Fort Privacy Data Protection Audit is built on our Maturity Model Framework.

Maturity Models are powerful tools that are used by organisations to assess, measure progress and manage compliance program goals.

They allow organisations to set realistic targets for compliance programs based on measurement of current activity.

Compliance programs that progress through controlled stages of maturity are more likely to succeed delivering greater benefits with less overall effort.

Maturity model audits deliver control and certainty creating long term program success.

Our Process

Scoping the Audit:

We start by talking to you about your compliance program.

  • We want to understand why you are undertaking an audit and what outcomes you want to achieve. This helps us to scope the audit to best fit your needs.
  • We like to understand where your data protection risks lie and therefore where you need your compliance program to reach higher standards of maturity.
  • Based on your input we will suggest an appropriate scope for your maturity model audit.


Audit Preparation and information gathering

Once we have agreed on a high-level scope and you are happy to proceed, we start the audit preparation.

  • This involves agreeing the detailed audit schedule for audit interviews and onsite activities.
  • We will identify who should be involved in the audit
  • We ask you to start gathering the key documents together and get them to us to complete our pre-visit preparation steps.


On-site Phase

When we have completed the preparation stage we carry-out the onsite interviews and evidence gathering.

  • Our audit is carried out using the CalQRisk compliance tool to provide structure to the onsite phase of the audit.
  • Fort Privacy auditors have the right combination of data protection and audit skillsets to evaluate interview responses and evidence to accurately assess your programme.


Report Generation

On completion, we provide an initial assessment of the findings followed up by a detailed audit report.

  • Our report provides an assessment of current maturity level and detailed list of actions required to progress to the next level.
  • Meeting with the board and management team to review findings.



Contact Us

Complete this form if you would like to find out more about the service – in confidence and with no commitment other than an informal discussion.

Fort Privacy processes your personal data in order to respond to your query and provide you with information about our products and services. Please see our Privacy Statement for further information.