Non-compliance Categories (print ref: Part 3, Section 4.2)
A Non-compliance will be recorded whenever the Auditor discovers that the organisation's Data Protection procedures are either inadequate to prevent breaches of the Data Protection Act, or adequate but not being followed correctly. The Non-compliance Record pro-forma of Annex C.6 allows the Auditor to distinguish between two different levels of Non-compliance as follows:
Major Non-compliance
These occur in the following circumstances:
- Ongoing and systematic breaches of the Data Protection Act have been found.
- These breaches could have serious consequences for the individuals affected, e.g. a typographical error in personal data leading to a person being wrongly imprisoned overnight.
Minor Non-compliance
These occur in the following circumstances:
- One-off breaches of the Data Protection Act have been found, usually caused by human error.
- These breaches would have only a minor impact on the individuals affected, e.g. a typographical error in the spelling of someone's name causing annoyance.
It should be noted, however, that a number of Minor Non-compliances in the same area can be symptomatic of a system breakdown and could therefore be compounded into a Major Non-compliance.