Personal Data Audit

How to carry out a personal data audit

A personal data audit exercise is a process of identifying and assessing the personal data that an organisation holds, and how it is processed. The audit should identify the sources of the data, the purposes for which it is used, and the methods by which it is stored and processed. The audit should also identify any risks to the data and any gaps in the organisation's data protection measures.

The following are the steps to carry out a personal data audit exercise:

Identify the sources of personal data.
The first step is to identify the sources of personal data that the organisation holds. This includes data that is collected directly from individuals, such as customer contact information, as well as data that is collected from third parties, such as social media platforms.

Determine the purposes for which the data is used.
The next step is to determine the purposes for which the personal data is used. The organisation should be able to justify the collection and use of the data for each purpose.

Identify the methods by which the data is stored and processed.
The organisation should identify the methods by which the personal data is stored and processed. This includes both manual and automated methods.