internal audit - gdpr.zendesk.com · internal audit run through when your internal audit section is...
TRANSCRIPT
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 1
School DP Staff
Internal Audit
Version 1.07
Date: 26/11/2018
All rights reserved. This document and the associated software are the sole property of
GDPRiS. Reproduction or duplication by any means of any portion of this document without
the prior written consent of GDPRiS is expressly forbidden.
GDPRiS reserves the right to make changes to this document and to the related software at
any time without notice. The information in this document has been carefully checked for its
accuracy; however, GDPRiS makes no warranty relating to the correctness of this
document.
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 2
Table of Contents
Internal Audit Overview ........................................................................................... 3
Log in to GDPRiS ..................................................................................................... 4
Internal Audit Frequency ......................................................................................... 4
Set up Audit Frequency ..................................................................................................... 4
Internal Audit Run Through ..................................................................................... 7
Data Mapping Review ....................................................................................................... 8
Answering Audit Questions .............................................................................................. 11
Reports .................................................................................................................... 12
Support ................................................................................................................... 13
Note: hold Ctrl+left click on a relevant section to navigate to it.
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 3
Internal Audit Overview
This document is to show you how to set up and run through an internal audit to review your
GDPR compliance. Six audits can be set up in your school site to span across the year.
There are two types of question sets in the Internal Audit, Personal Questions and
Organisation Questions.
Personal Questions will be questions which each member of staff would be required to
answer regarding their data protection practices and what prior data protection training they
have had.
Organisation Questions would typically be answered by SchoolDPStaff users only. These
are designed to cover the school, rather than individual responses.
Both question sets allow you to either “Save current progress” which will allow you to save
your current answers to the database and to come back to them at a later date where you
can then “Save as Complete” which will again save your answers to the database without
anymore changes being made in the future to that specific audit.
Information from the audit such as user responses to questions can be found in the following
reports in the Reports section:
Users and Staff Reviews: Shows how many questions each user has answered from each
section.
Staff Data Protection Self Assessment: Shows each question which a user has answered
and their response.
All SAQ Responses: These are the responses from just the Organisation questions which
the SchoolDPStaff users have answered.
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 4
Log in to GDPRiS
Click on this link to visit our website where you can login to the GDPRiS system.
When you are on the website, click “Login” at the top of the page.
If you do not know or remember your login details, please send an email to
[email protected] and we will be able to help you log in.
Internal Audit Frequency
Set up Audit Frequency
When you log into the GDPRiS system, you will be taken to the dashboard.
Click on “Actions” via the menu on the left-hand side.
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 5
Click “Settings”.
In Settings, you can set up dates for when you would like to run through an Internal Audit.
There are two types of question sets in the Internal Audit, Personal Questions and
Organisation Questions. (explanations on these question sets can be found in the Internal Audit
Overview section on page 3).
By default, today’s date will be shown in the “From” box and tomorrow’s date in the “To”
box. Amend these dates accordingly to when you would like to run through an Internal Audit.
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 6
If you click on the boxes under “Organisation Questions” and “Personal Questions” next
to “Times a Year”, you will be able to choose how many times a year you would like to run
through an internal audit. (See image below)
Once you’ve selected the amount of times you would like an audit to be run, more boxes will
appear for you to fill in the dates you wish to have those audits on.
Once you have entered your dates, click “Save”.
Once you have saved your changes, it will take several minutes for the Internal Audit section
to be set up. Please allow a couple of minutes before trying to access the “Internal Audit”
section.
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 7
Internal Audit Run Through
When your Internal Audit section is set up, click on “Internal Audit” via the menu down the
left-hand side of the screen.
In the screen shot below is an example of what the Internal Audit section looks like from a
SchoolDPStaff user’s point of view.
You will notice that the navigation menu on the left-hand side has gained an extra column.
The extra menu shows the sections which you will need to go through to complete an
Internal Audit.
As stated in the Internal Audit Overview section on page 3, The Individual Questions
section will need to be completed by both GeneralStaff and SchoolDPStaff users and the
School Questions will need to be completed only by the SchoolDPStaff users.
To start your internal audit. Read through the information in the main window and then click
“Start”.
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 8
Note: It is important to note that when running through this audit, it is your responsibility to
check that the information in the GDPRiS system is correct for your school.
Data Mapping Review
Suppliers
Once you have clicked on “Start” you will be taken to the “Suppliers” section of the audit.
Make sure that you can see all your suppliers listed.
Click ‘Begin Review’ to start the review process of the selected supplier.
When you are happy with the fields of data being captured, click “Next”.
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 9
In this section you will be able to see answers to questions which your suppliers have
answered.
Down the right-hand side, you will be able to see links to the Privacy, Terms and Conditions
and Cookie policies. Please take a minute to look at these when reviewing a supplier.
Each section on this page can be expanded to show the question which the supplier has
answered. Click on the down arrow to show the question.
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 10
At the bottom right of this section are three buttons, “Back”, “Don’t Accept” and “Accept” as
well as a blank box.
The blank box is for you to type in a note when reviewing the supplier before either
accepting or no accepting to use the supplier moving forwards.
The “Back” button will take you back a page for you to review the previous page.
The “Don’t Accept” button can be used if you are not happy with the answers the supplier
has provided within the Internal Audit or where you are not satisfied with the compliance
practices or policies.
The “Accept” button can be used if you are happy with the answers the supplier has given to
the questions and if you are happy to use the supplier moving forwards after reviewing their
data mapping information from the previous page.
Click either “Don’t Accept” or “Accept” to continue with the audit.
Once you have reviewed the first supplier, if you selected “Accept” it will then appear under
the ‘Completed’ section.
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 11
Click “Begin Review” to review the remaining suppliers one by one.
Answering Audit Questions
When going through the question sets in the Internal Audit, you will be able to select an
answer via a provided drop-down option as well as free hand text answer.
Answer the questions in each section by clicking on the green “Choose Answer” boxes for
each question and selecting an option from the drop-down menu.
You can add text to your answer by clicking on any part of the question box which then
expands the box to reveal a text box which you can type in.
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 12
Information regarding each question can be found via the icons.
Once you have answered your questions you can either click on “Save Current Progress”
to save what you have done up to this point to allow you to go do something else and come
back to this at a later date or, click “Save as completed” to submit your answers to the
database.
If you click “Save as completed”, you will not be able to either add to or amend your existing
answers.
Reports
The Reports section is where you can track which users have started their Internal Audit as
well as review answers to questions which your staff have answered. By reviewing these
reports, you will be able to see where your areas are for improvement.
Please review the following reports for answers from the Internal Audit:
Users and Staff Reviews
Staff Data Protection Self Assessment
All SAQ Responses
(Report descriptions can be found in the Internal Audit Overview section on page 3)
GDPRiS – 014 www.gpdr.school GDPR in Schools Ltd ©2017 13
Support
GDPRiS provide support:
Mon-Thurs 09:00-17:00 GMT
Fri 09:00-16:00 GMT
If you require assistance regarding any section of this help guide, please do not hesitate to
contact us via one of the following methods:
Tel: 02039 610 110
Mail: [email protected]