Data Protection Homepage
|
|
Planning | Preparation: Conducting the Adequacy Audit | Preparation: Compliance Audit | Conducting the Compliance Audit | Audit Execution | Reporting | Audit follow-up |
Non-compliance Categories (print ref: Part 3, Section 4.2)A Non-compliance will be recorded whenever the Auditor discovers that the organisation's Data Protection procedures are inadequate to prevent breaches of the Data Protection Act or they are adequate but are not being followed correctly. The Non-compliance Record pro-forma of Annex C.6 allows the Auditor to distinguish between two different levels of Non-compliance as follows: Major Non-compliance These occur in the following circumstances:
Minor Non-compliance These occur in the following circumstances:
It should be noted however, that a number of Minor Non-compliances in the same area can be symptomatic of a system breakdown and could therefore be compounded into a Major Non-compliance. |
|