Guide to Data Protection Auditing

Non-compliance Categories (print ref: Part 3, Section 4.2)

A Non-compliance will be recorded whenever the Auditor discovers that the organisation's Data Protection procedures are inadequate to prevent breaches of the Data Protection Act, or that they are adequate but are not being followed correctly. The Non-compliance Record pro-forma of Annex C.6 allows the Auditor to distinguish between two different levels of Non-compliance as follows:

Major Non-compliance

These occur in the following circumstances:

  • Ongoing and systematic breaches of the Data Protection Act have been found.
  • These breaches could have serious consequences for the individuals affected, e.g. a typographical error in personal data leading to a person being wrongly imprisoned overnight.

Minor Non-compliance

These occur in the following circumstances:

  • One-off breaches of the Data Protection Act have been found, usually caused by human error.
  • These breaches would have only a minor impact on the individuals affected, e.g. a typographical error in the spelling of someone's name causing annoyance.

It should be noted, however, that a number of Minor Non-compliances in the same area can be symptomatic of a system breakdown and could therefore be compounded into a Major Non-compliance.
