GDPR Audit

GDPR Audit Service

If your organisation is considering an audit (also sometimes called a gap analysis or assessment) then choosing a company who specialises in GDPR Audits makes sense.

Our team has completed over 100 audits since the GDPR came into force. We have also covered every business type in many countries inside and outside of the EEA.

We bring our expertise, combine it with good practice we have observed and add it to the evolving EU and ICO guidelines.  As a result providing you a bespoke audit covering every aspect of your personal data processing.

The final report is tuned to your specific requirements as well as prioritised according to the risks that are unique to your business.

Why is this important?

Because no two businesses are alike and no single finding poses the same level of risk to any two businesses.

An Audit is a big Commitment

Commissioning a GDPR Audit shows a certain level of maturity as well as commitment.

The Audit process will require a level of involvement from potentially all areas of your business. Such as HR, Sales and Marketing, Information Technology, Security and Development if applicable.

Following on from the audit you will receive a detailed audit report with findings and prioritised recommendations. In addition, we provide comprehensive explanations covering any special considerations too.

According to the UK Information Commissioner:

“An audit provides an assessment of whether your organisation is following good data protection practice. We (ICO) believe that audits play a key role in assisting organisations in understanding and meeting their data protection obligations.”

“We (Auditors) check if you are following data protection legislation as it applies to your organisation”

Post Audit

A GDPR Audit is certainly not the end of the process, in most cases the beginning.

Most clients choose to work with us because they want full organisational coverage for their audit and a quality report which they can use to drive change.

Our clients also know that when the audit is complete, they have a roadmap which enables them to improve their GDPR compliance in their own time and in a way which works for them.


Our clients also know that if they need help then we are there for them whether it’s:

  • documentation such as policies, processes, procedures
  • Agreements such as controller-processor agreements, Data Processing Addendum’s, Model Clauses, 3rd Party Contracts.
  • Technology and Cyber Security specification, as well as implementation, project management and support
  • Compliant website and application design, development as well as hosting and deployment

We cover the entire range of GDPR specific services and associated documents such as, DPIA, LIA, Record of Processing, Data Retention, Subject Access Requests and more.

So, if you are looking for partner who can cover your GDPR needs under one agreement and a single point of contact then we would be happy to help.

And if you only want an Audit then that’s OK too.

GDPR Staff Awareness Training

We also offer a full range of training services including our online GDPR Staff Awareness Training. You an read more about our online training here: GDPR Staff Awareness Training.


How long does an audit take?

  • Anywhere between 1 and 3 days on site and also some time to ourselves to write the report.

Can you do audits remotely?

  • Yes, we can, provided we can get clear communications set up.

How do I know who needs to be interviewed?

  • We send you a list of areas we wish to cover, you tell us who in your organisation is best placed to cover those areas. Then we create an audit schedule so everyone knows where they need to be and when.

What do we need to do to prepare for the audit?

  • Nothing except know your own roles and responsibilities. The audit is designed to take you as you are, basically warts and all.

Can you help us to remediate the findings from the report?

  • We can help remediate any or all the findings – sympathetically working with you and also any 3rd parties.

Will an Audit make me GDPR Compliant?

  • In short no it won’t, there is no definition or certification of GDPR compliance. However, it will help to reduce your personal data risks and demonstrate that you are taking the right steps. It also provides a degree of assurance to your clients, suppliers, customers, and employees.Above all your progress and any efforts to comply with the GDPR will be looked upon favourably by the supervisory authority if you are unfortunate enough to suffer a personal data breach.


I found GDPR auditing to be very professional, timely in responding to queries throughout the process and excellent to work with. The audit itself was a smooth process and the style in which it was conducted helped us understand the legislation more as we progressed through the process. The final audit document was very well laid out and gave us all the information we needed in a clear and concise manner. Thank you for your help!

Read more about our Audit Clients.

Case Study

A case study of a recent audit GDPR Auditing completed for a high street retailer can be found here.

Get in touch

To find out more about this service or any of our other services please email us at or get in touch via our contacts page.