Free GDPR Information Audit Template

Information Audit Banner

This free GDPR information audit template has been developed to comply with the current data protection legislation. Available to download without having to add any contact details. The easy to use Excel template can be fully customised and is suitable for any business type or industry.

What is a Data Protection Information Audit?

Hand and technical wheel imageCarrying out a companywide information audit is one of the ICO’s first recommendations for UK GDPR preparation. An audit is essential if you are reviewing an existing data protection program or have recently been added to the data protection register. The aim of a GDPR information audit is to map the personal data flows within your organisation.

The free information audit template is a register of all personal data processed by you. This includes identifying and recording how personal data flows into, through and out of the business. When a business knows and understand how and where data flows, they can ensure it is protected and processing complies with the Regulation and legislation.

A GDPR information audit allows you to assess and identify what personal data you process and the reasons for processing. It also serves as a template for ongoing data protection compliance in areas such as data subject rights, safeguarding measures, retention periods and personal data reviews.

Where to Start with an Information Audit

You should start by identifying any functions, processes and areas that involve processing personal data within your organisation. This can include, but is not limited to, data that is collected, processed, stored, transfered and disclosed. Examples of data sources are: –

  • Employee contact details
  • Payroll data
  • Customer contact details
  • Mailing lists
  • Online forms
  • Consultations
  • Orders

How you complete a GDPR information audit will largely depend on the size and scope of your organisation. For smaller businesses and those with less complex processing activities, all ata can be collated on one audit record. For larger firms or those with more complex processing needs, an information audit per business area or department may work better.

What to Include in a GDPR Information Audit?

Once you have identified all personal data flowing into and out of the organisation, you can document the findings in the information audit template. In the free GDPR information audit template we have provided, we have included specific headings for you to use. These are fully customisable, but are the recommended requirements for an data protection audit.

Information about data flows includes the source of the data, legal basis for processing, purpose, disclosure recipients and transfers. The headings in the Excel template also come with descriptions and we have provided a completed information audit example for you to use as guidance.

Free Information Audit Template

Information Audit Examples

Once complete, you will have identified, categorised and recorded all personal information obtained, processed and shared by your company. This information will include: –

  • What personal data we hold.
  • Where it came from.
  • Who we share it with?
  • Legal basis for processing it.
  • What format(s) is it in.
  • Who is responsible for it?
  • Disclosures and transfers.