What Are Data Audits & Why They Are Important
A data audit is the first step you can take towards GDPR compliance. It is one of the most effective ways to review and document the personal data held within your organisation, and it will help you to identify any problem areas within your overall data management.
The data audit will help you establish:
- the data that you have
- how it has been collected
- why you hold this data
- how it is being used
- where and how you store it
- who you share your data with
Whilst some organisations might look at this action with dread, in the long term it will help you to better monetize your data, be accountable with confidence about the data you have, and offer transparency to your customers about the way in which their data is used and stored, all of which adds to an increased and enhanced reputation in your marketplace.
From a monetary perspective, it can show where money is being wasted and thus help you to use your data more effectively, achieve a significantly higher ROI and increase your profits. To be compliant with the GDPR you need to know your data, and this could mean taking the time to map all of your data and using that map to gain visibility and clarity over your information flows.
You need to know:
- What types of data do you hold?
- How (and where) did you collect the personal data?
- Why do you hold this data and how is it being used?
- Where and how do you store this data?
- What do you do with your data?
- Retention: how long do you keep your data?
- How do you communicate your privacy practices?
You need to know the data that you are collecting.
Under the GDPR there is personal data and then there is special category personal data.
Standard personal data is any information that can be used to identify an individual.
Standard Personal Data includes:
- Name
- Address
- Email Address
- IP Address
- Phone
- National Insurance Number
- Passport Details
Special Category Personal Data includes:
- Health information
- Racial or Ethnic origins
- Religious or philosophical beliefs
- Political opinions
- Trade Union activities
- Sex or Gender identity
- Genetic or biometric data that is used for the specific purpose of identifying an individual
It should be noted that in order to process special category data, you will need explicit consent from the individual.
If you are processing the data of children (under 16 in the UK), you will need a mechanism to be able to accept parental consent.
Let Us Help
All this can be a daunting task; that’s where we come in. We are used to doing data audits, so we can guide you through the process and onward to becoming GDPR compliant.