General Data Protection Policy

Information Audit

The DPO must undertake an information audit which details the personal data held, where it came from, the purpose for holding that information and with whom the council will share that information. This will include information held electronically or as a hard copy. Information held could change from year to year with different activities, and so the information audit will be reviewed at least annually or when the Council undertakes a new activity. The information audit review should be conducted ahead of the review of this policy and the reviews should be minuted.