Regular compliance audits fall under best practices whereby constant environment scanning with a risk adjusted approach are needed. Furthermore, compliance audits highlight security gaps in procedures, protocols, systems and human resources to avoid negligent data breaches or mis-use of personal information.

Compliance audits are useful in:

• Identifying all the collection points of personal information, like websites, application forms, call centres, employment application forms and event attendance sheets,
• Identifying personal information being collected and whether it is being collected directly from the data subject or via a third party,
• Identifying all purposes for processing both internal and external access (including disclosure)
• Identifying when exceptions to conditions for lawful processing apply,