
GDPR Compliance Audits: Know Where You Stand

Comprehensive GDPR compliance audits identifying gaps in your data protection practices. We assess processing activities, lawful bases, documentation, security measures, staff awareness and third-party arrangements — producing a prioritised action plan to achieve full compliance.

GDPR: Full compliance assessment
ROPA: Processing activity mapping
Gap: Analysis with action plan
ICO: Inspection readiness

Why Audit Your GDPR Compliance?

A workplace risk assessment is a systematic examination of your work activities, premises and processes to identify what could cause harm to people — and whether you're doing enough to prevent it. Under the Management of Health and Safety at Work Regulations 1999 (MHSWR), every employer must carry out a suitable and sufficient assessment of the risks to the health and safety of their employees and anyone else who may be affected by their work activities.

If you have five or more employees, the significant findings of your risk assessment must be recorded in writing. But regardless of your size, risk assessment is the foundation of every health and safety management system — without it, you're managing safety blind.

RADCaT's qualified health and safety consultants carry out thorough, practical workplace risk assessments for businesses of every size and sector across the UK. We don't produce generic templates — we visit your premises, walk your processes, talk to your team and produce site-specific, task-specific assessments that genuinely reflect your operations and give you a clear, prioritised action plan for improvement.

Whether you need a general workplace risk assessment for your office, a task-specific assessment for high-risk activities in a factory, a site-wide review for a multi-building campus, or a pre-project risk assessment for a construction site — RADCaT delivers expert, HSE-compliant assessments tailored to your industry and your operations.

The ICO doesn't just fine large corporations. Schools, charities, SMEs and healthcare providers have all received enforcement action. A GDPR audit from RADCaT identifies your risks before the ICO does.

Types of Risk Assessment

Audit Services We Provide

From quick health checks to comprehensive compliance assessments.

Full GDPR Audit

Comprehensive assessment of all UK GDPR requirements — lawful bases, processing activities, documentation, rights procedures, security, training, international transfers and accountability.

ROPA Development

Creation or review of your Records of Processing Activities (Article 30). Mapping every processing activity, purpose, lawful basis, recipients, retention period and security measures.

Documentation Review

Assessment of privacy notices, consent forms, processor agreements, data sharing agreements, policies, procedures and records against UK GDPR requirements.

Security Assessment

Evaluation of technical and organisational security measures — access controls, encryption, backup, incident response, staff training and physical security of personal data.

Third-Party Assessment

Review of data processor and controller relationships. Assessment of processor agreements (Article 28), data sharing agreements and international transfer mechanisms.

Compliance Scoring

Quantified compliance score across GDPR domains allowing you to track improvement over time and benchmark against previous audits.

Our Process

How We Carry Out a Risk Assessment

1. Scope & Planning

We agree the audit scope — full GDPR or focused on specific areas. We request preliminary documentation and schedule the on-site assessment.

2. Data Mapping

We map your personal data processing activities — what data, whose data, why, where, how long, who has access and what security measures protect it.

3. Compliance Assessment

We assess every processing activity and supporting arrangement against UK GDPR requirements. Each finding is documented and rated.

4. Audit Report

Detailed report with findings, compliance scores, gap analysis and a prioritised action plan with recommended timescales and responsibilities.

5. Implementation Support

We can help you implement audit recommendations — drafting policies, updating notices, establishing procedures and delivering training.

Common Questions

GDPR Audits FAQ

How often should we audit GDPR compliance?

At least annually, with interim reviews when you introduce new processing activities, new systems, new data sharing arrangements or when regulations change. RADCaT recommends annual audits as part of your accountability obligations under Article 5(2).

What does the audit examine?

Lawful bases for processing, privacy notices, consent mechanisms, ROPA, data processor agreements, data sharing agreements, security measures, breach procedures, SAR procedures, staff training, retention schedules, international transfers and governance arrangements.

How long does a GDPR audit take?

Depends on organisation size and complexity. A small business audit might take 1-2 days. A large organisation with multiple processing activities, systems and third-party relationships could take 1-2 weeks. We provide time estimates after scoping.

Will the audit prepare us for an ICO investigation?

Yes. Our audit methodology mirrors the areas the ICO would examine. By identifying and closing gaps proactively, you're significantly better positioned to respond to any ICO enquiry, complaint or investigation.

What if we fail the audit badly?

There's no pass or fail — the audit identifies where you are and what you need to do. Many organisations start with significant gaps. The action plan prioritises critical items first so you address the biggest risks immediately and build toward full compliance progressively.

Can you audit our website compliance?

Yes. We assess cookie consent, privacy notices, marketing consent, contact form data handling, analytics tracking and any other personal data processing through your website.

How much does a GDPR audit cost?

Based on organisation size, number of processing activities and audit scope. Fixed-price quotes provided after scoping. Contact us for a free initial discussion.

Need a GDPR Audit?

Get in touch for a free scoping discussion. We'll assess your needs and provide a clear quote.