Regular compliance audits fall under best practices whereby constant environment scanning with a risk adjusted approach are needed. Furthermore, compliance audits highlight security gaps in procedures, protocols, systems and human resources to avoid negligent data breaches or mis-use of personal information.
Compliance audits are useful in:
- Identifying all the collection points of personal information, like websites, application forms, call centres, employment application forms and event attendance sheets,
- Identifying personal information being collected and whether it is being collected directly from the data subject or via a third party,
- Identifying all purposes for processing both internal and external access (including disclosure)
- Identifying when exceptions to conditions for lawful processing apply,