The UK's independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

External audit or compliance check

Your organisation arranges an external data protection and information governance audit or other compliance checking procedure.

Ways to meet our expectations:

  • Your organisation completes externally-provided self-assessment tools to provide assurances on data protection and information security compliance.
  • Your organisation is subject to or employs the services of an external auditor to provide independent assurances (or certification) on data protection and information security compliance.
  • Your organisation adheres to an appropriate code of conduct or practice for your sector (if one exists).
  • You produce audit reports to document the findings.
  • You have a central action plan in place to take forward the outputs from data protection and information governance audits.

Can you answer yes to the following questions?

  • Do staff adhere to the external standards as claimed?
  • Are they aware of a range of suitable external tools?
  • Are senior managers aware?