GDPR Audits and Health Checks

We have years of experience carrying out Data Protection / GDPR audits and health checks, both pre and post GDPR. Our methodologies have been honed by our specialist lawyers to efficiently capture information about how your organisation handles personal data so that you get a picture of how compliant you are with law.

If you are a school, or college and looking for information about our GDPR audits and health checks for schools click here. For the ISBA GDPR Health Check click here.

The aim of the GDPR audit or health check is to determine and assess your organisation’s level of compliance with the requirements of the UK Data Protection Act 2018 and the European General Data Protection Regulation (GDPR). If you carry out electronic marketing then we will also measure your compliance with the Privacy and Electronic Communications Regulations 2003 (or PECR).

        • Carried out by a data protection solicitor experienced in audits
        • All types of organisation and all sectors
        • Output is protected by solicitor-client confidentiality, so your business information is protected
        • Built to efficiently assess your level of compliance with GDPR, UK DPA 2018 and PECR.
        • Includes a detailed, confidential and legally privileged report that describes areas of non- compliance
        • Executive summary ideal for senior management or Directors
        • We make recommendations (if necessary) to rectify non-compliance and grade them in terms of urgency
        • Scope of the exercise is agreed with you in advance, so you control the costs

A prerequisite of any successful audit plan is getting to know how you operate. This will help us glean a clear and accurate picture of the flows of personal data into and out of your organisation. It will also show the purposes for which that data is being processed. High risk areas, such as marketing, fundraising, BYOD, IT, Special Category Personal Data etc. will be scrutinised.


At the end of the exercise you can be confident of your position relative to the legal requirements and what changes, if any, we recommend.

We have worked closely with business and Non-Profits or for many years and carried out many data protection audits. This means we are already familiar with the main “tripwires”. This makes for a more efficient exercise, allowing us to quickly get to the heart of your risk profile.


Which is more appropriate for us, a data protection audit or a data protection health check?

This depends on a range of factors. These include your perceived level of current risk, budget and how bespoke the exercise will be.

Our Data Protection Health Check involves a high level but thorough review of critical areas that engage GDPR. The scope, depth and duration (and therefore also the cost) of a health check is less than that of a full audit. However, even though an audit typically costs more, we always agree audit fees in advance, so you remain in control of costs.

If you aren’t sure which service to deploy, please get in touch and we will discuss the differences and costs.

We look forward to talking with you.

For more detailed information please contact us. If your query is urgent you can contact us by telephone on 01386 793632 or email