GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 1

School DP Staff

Internal Audit

Version 1.07

Date: 26/11/2018

All rights reserved. This document and the associated software are the sole property of

GDPRiS. Reproduction or duplication by any means of any portion of this document without

the prior written consent of GDPRiS is expressly forbidden.

GDPRiS reserves the right to make changes to this document and to the related software at

any time without notice. The information in this document has been carefully checked for its

accuracy; however, GDPRiS makes no warranty relating to the correctness of this

document.

GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 2

Table of Contents

Internal Audit Overview ........................................................................................... 3

Log in to GDPRiS ..................................................................................................... 4

Internal Audit Frequency ......................................................................................... 4

Set up Audit Frequency ..................................................................................................... 4

Internal Audit Run Through ..................................................................................... 7

Data Mapping Review ....................................................................................................... 8

Answering Audit Questions .............................................................................................. 11

Reports .................................................................................................................... 12

Support ................................................................................................................... 13

Note: hold Ctrl+left click on a relevant section to navigate to it.

GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 3

Internal Audit Overview

This document is to show you how to set up and run through an internal audit to review your

GDPR compliance. Six audits can be set up in your school site to span across the year.

There are two types of question sets in the Internal Audit, Personal Questions and

Organisation Questions.

Personal Questions will be questions which each member of staff would be required to

answer regarding their data protection practices and what prior data protection training they

have had.

Organisation Questions would typically be answered by SchoolDPStaff users only. These

are designed to cover the school, rather than individual responses.

Both question sets allow you to either “Save current progress” which will allow you to save

your current answers to the database and to come back to them at a later date where you

can then “Save as Complete” which will again save your answers to the database without

anymore changes being made in the future to that specific audit.

Information from the audit such as user responses to questions can be found in the following

reports in the Reports section:

Users and Staff Reviews: Shows how many questions each user has answered from each

section.

Staff Data Protection Self Assessment: Shows each question which a user has answered

and their response.

All SAQ Responses: These are the responses from just the Organisation questions which

the SchoolDPStaff users have answered.

GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 4

Log in to GDPRiS

Click on this link to visit our website where you can login to the GDPRiS system.

When you are on the website, click “Login” at the top of the page.

If you do not know or remember your login details, please send an email to

support@gdpr.school and we will be able to help you log in.

Internal Audit Frequency

Set up Audit Frequency

When you log into the GDPRiS system, you will be taken to the dashboard.

Click on “Actions” via the menu on the left-hand side.

GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 5

Click “Settings”.

In Settings, you can set up dates for when you would like to run through an Internal Audit.

There are two types of question sets in the Internal Audit, Personal Questions and

Organisation Questions. (explanations on these question sets can be found in the Internal Audit

Overview section on page 3).

By default, today’s date will be shown in the “From” box and tomorrow’s date in the “To”

box. Amend these dates accordingly to when you would like to run through an Internal Audit.

GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 6

If you click on the boxes under “Organisation Questions” and “Personal Questions” next

to “Times a Year”, you will be able to choose how many times a year you would like to run

through an internal audit. (See image below)

Once you’ve selected the amount of times you would like an audit to be run, more boxes will

appear for you to fill in the dates you wish to have those audits on.

Once you have entered your dates, click “Save”.

Once you have saved your changes, it will take several minutes for the Internal Audit section

to be set up. Please allow a couple of minutes before trying to access the “Internal Audit”

section.

GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 7

Internal Audit Run Through

When your Internal Audit section is set up, click on “Internal Audit” via the menu down the

left-hand side of the screen.

In the screen shot below is an example of what the Internal Audit section looks like from a

SchoolDPStaff user’s point of view.

You will notice that the navigation menu on the left-hand side has gained an extra column.

The extra menu shows the sections which you will need to go through to complete an

Internal Audit.

As stated in the Internal Audit Overview section on page 3, The Individual Questions

section will need to be completed by both GeneralStaff and SchoolDPStaff users and the

School Questions will need to be completed only by the SchoolDPStaff users.

To start your internal audit. Read through the information in the main window and then click

“Start”.

GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 8

Note: It is important to note that when running through this audit, it is your responsibility to

check that the information in the GDPRiS system is correct for your school.

Data Mapping Review

Suppliers

Once you have clicked on “Start” you will be taken to the “Suppliers” section of the audit.

Make sure that you can see all your suppliers listed.

Click ‘Begin Review’ to start the review process of the selected supplier.

When you are happy with the fields of data being captured, click “Next”.

GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 9

In this section you will be able to see answers to questions which your suppliers have

answered.

Down the right-hand side, you will be able to see links to the Privacy, Terms and Conditions

and Cookie policies. Please take a minute to look at these when reviewing a supplier.

Each section on this page can be expanded to show the question which the supplier has

answered. Click on the down arrow to show the question.

GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 10

At the bottom right of this section are three buttons, “Back”, “Don’t Accept” and “Accept” as

well as a blank box.

The blank box is for you to type in a note when reviewing the supplier before either

accepting or no accepting to use the supplier moving forwards.

The “Back” button will take you back a page for you to review the previous page.

The “Don’t Accept” button can be used if you are not happy with the answers the supplier

has provided within the Internal Audit or where you are not satisfied with the compliance

practices or policies.

The “Accept” button can be used if you are happy with the answers the supplier has given to

the questions and if you are happy to use the supplier moving forwards after reviewing their

data mapping information from the previous page.

Click either “Don’t Accept” or “Accept” to continue with the audit.

Once you have reviewed the first supplier, if you selected “Accept” it will then appear under

the ‘Completed’ section.

GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 11

Click “Begin Review” to review the remaining suppliers one by one.

Answering Audit Questions

When going through the question sets in the Internal Audit, you will be able to select an

answer via a provided drop-down option as well as free hand text answer.

Answer the questions in each section by clicking on the green “Choose Answer” boxes for

each question and selecting an option from the drop-down menu.

You can add text to your answer by clicking on any part of the question box which then

expands the box to reveal a text box which you can type in.

GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 12

Information regarding each question can be found via the icons.

Once you have answered your questions you can either click on “Save Current Progress”

to save what you have done up to this point to allow you to go do something else and come

back to this at a later date or, click “Save as completed” to submit your answers to the

database.

If you click “Save as completed”, you will not be able to either add to or amend your existing

answers.

Reports

The Reports section is where you can track which users have started their Internal Audit as

well as review answers to questions which your staff have answered. By reviewing these

reports, you will be able to see where your areas are for improvement.

Please review the following reports for answers from the Internal Audit:

Users and Staff Reviews

Staff Data Protection Self Assessment

All SAQ Responses

(Report descriptions can be found in the Internal Audit Overview section on page 3)

GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 13

Support

GDPRiS provide support:

Mon-Thurs 09:00-17:00 GMT

Fri 09:00-16:00 GMT

If you require assistance regarding any section of this help guide, please do not hesitate to

contact us via one of the following methods:

Tel: 02039 610 110

Mail: support@gdpr.school