
Thrive GDPR Audit Template

This document provides guidance on conducting a data audit as the first step for an organization's GDPR compliance journey. It lists several areas to examine, such as what data is collected, where it is stored, how it is protected, how long it will be retained, and the process for removing data upon request. Once the questions are answered, the data can be added to a data audit form detailing the type of data, its description, location, source, purpose, protection, usage restrictions, rights, frequency, and retention period. The data audit will catalog an organization's personal data as required by GDPR.

Uploaded by

CSK

GDPR - Let’s get started

When you begin your GDPR journey, it’s useful to do a data audit to see what data you have,
and what you may have to consider. Here are some areas you might like to look at:

What data do we collect?

(Name, email address, social media posts, location, IP address, cookies)

Where do we store the data?

(Emails, documents, databases, backups, email lists)

How do we protect and document the data we have?

(Passwords, limited access, databases)

How long do we plan to keep the data for?

(Three years, five years, etc.)

Do we have a function/reason for every piece of data we collect?

(Name: customer service, Contact Number: contact if show is cancelled)

What is the process if someone asks to be removed from our records?

(Whose responsibility, what records need to be checked, etc.)


Once you have answered all these questions you can add each set of data to this table to
formally store:

Data Audit Form Asset Detail


Type of Data

Description of data

Employee responsible

Date of consent to hold data

Where the data is stored

Source of the data

Purpose of the data

How the data is protected in its storage

Usage restrictions

Usage rights

Usage frequency

Retention period

Comments

Note: This is intended to provide an overview of GDPR and is not a definitive statement of
the law. For a definitive guide, check out the Information Commissioner’s Office website.
