Audit Templates (Standalone)

The first step in preparing for the GDPR is to make sure that you understand what personal data you process.

Researchers should consider the following checklist regarding security when assessing whether their technical and organization measures are appropriate:

• Are the automated systems protected by a level of security appropriate to the data held?
• Are technical measures in place to restrict access to systems holding personal data?
• Are technical measures in place to secure data during transit (e.g. to subcontractors and interviewers)?
• How is the data stored by your sub-contractors and interviewers – is it adequate and appropriate?
• Are the premises on which the data is held secure?
• Is access to the premises restricted?
• If the data is held on non-automated systems e.g. paper files, discs, microfilm, and microfiche, is access still restricted or secure?
• Are copies of printouts, obsolete back-up tapes etc. disposed securely?
• Is obsolete hardware and software from which data could be recovered disposed of securely?
• Is there an auditable data retention and destruction policy?
• Are staff trained and made aware of their responsibilities to safeguard the personal data?

Login to your subscription to download this template for planning a GDPR audit.