Data protection remains a high priority for many organisations. The risks of failing to comply with data protection law include significant financial penalties (which can be up to the higher of £17.5m and 4% of global annual turnover) and reputational damage.
What is an annual compliance check?
An annual compliance check is an effective way of assessing your data protection compliance to identify areas of risk. It is similar to a full data protection compliance review but is a more cost-effective process that can be carried out more flexibly.
Why do we need to carry out an annual compliance check?
Annual compliance checks are a good way of assessing where there are gaps in your compliance that may result in risks to your business. Many businesses operate without all the documentation they need, or with documentation that is inadequate. Others have good documentation in place but do not follow their policies and procedures in practice. It is not unusual for businesses to be unaware of compliance issues until it is too late. Examples of such issues that resulted in enforcement action can be seen on the Information Commissioner’s Office’s website under ‘action we’ve taken’ (https://ico.org.uk/action-weve-taken/enforcement/).
Regular reviews can be a good way of identifying issues so they can be dealt with before there are negative consequences such as fines.
If we have already carried out a compliance review in the past, do we need to carry out an annual compliance check?
It is advisable to review compliance regularly and we recommend that this is done annually where possible. Data protection is a fast-moving area and changes such as new guidance from the ICO, court decisions and Brexit can mean that you need to make amendments to documentation or vary your policies and procedures. There may also be internal changes, such as changes to your business structure or processing activities. Unless you keep compliance under regular review, it is easy to fall foul of the regulations.
How does 3CS carry out annual compliance checks?
We can tailor the process to your business, but our standard approach is to provide questionnaires, request documentation and arrange a follow-up meeting.
Our questionnaires help us to gather the information we need from you. We use your questionnaire answers, your responses during our meeting and the documentation you provide to review data protection compliance across your business. Should you have concerns about a particular area of your business, we can adapt our approach to cover that area.
What will happen after the annual compliance check and what will be provided to us?
Once we have completed the annual compliance check, we provide a report outlining our findings and setting out our recommendations. Recommendations are colour-coded by priority level to help with implementation.
We can also assist with implementation should assistance be required. If you would like further information about how we can help with minimising your risks from a data protection perspective or if you would like more information about our annual compliance checks, please contact us.