About our EU Data Act / GDPR Audit and DPO Support Service
Achieving compliance is the first hurdle; staying compliant and avoiding complacency is another challenge. With the EU Data Act being enforceable from September 2025, GDPR procedures and practices evolving with time, and staff movement resulting in the loss of reliable old hands, we need to be ever vigilant to the risk of being non-compliant, or of a Data Breach and the potential fines from both the UK’s ICO and the European Authorities after 12th September 2025. Regular audits need to play a part in the “business as usual” landscape.
For our clients we have produced: EU Data Act risk/readiness reports, Breach Management Procedures, GDPR Risks Registers, GDPR Controller & Processor Documentation, Information Asset Registers, Business Process Register/Tracker, Data Mapping Documents, Process Flow Documents, DSAR Procedures, DS Rights Request Procedures, Recertification of Consent Procedure, Change Control Approach Documents & Discovery Progress Dashboards.
All of the above have been created from scratch, or modified to suit a particular scenario, by our consultants and used on real-world assignments, including a global financial services firm, a Magic Circle law firm, an international theatre group (with 18 million clients on their CRM) and a leading social housing construction firm that manages 37,000 tenanted properties.
Hopefully all your risks to client, employee and supplier PII are mitigated, with revised policies, processes and procedures in place, along with confirmed system controls that restrict access to only those who “need to know” to be effective in their role.
Our DPO Support Service also includes the maintenance of, or confirmation of:
- Information Asset Registers / EU Data Act Risks Discovery.
- Governance Processes for EU Data Access Requests.
- Data Mapping & Data Flow.
- Controller or Processor Documentation to prove accountability.
- Personal Data Breach logs.
- Data Subject Rights Request logs.
- Personal Information Risk Register.
- Other appropriate privacy information.
- Any other elements of the information governance framework.