The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Audits

The ICO carries out audits to provide larger organisations with an assessment of whether they are following good data protection practice. Sometimes, and with the consent of the public authority, these audits also look at the way organisations handle requests for information under the Freedom of Information Act. The audits look at whether an organisation has effective policies and procedures in place and whether they are being followed and includes recommendations from the ICO on how to improve.

We believe that audits play a key role in assisting organisations in understanding and meeting their personal data protection obligations. The ICO sees auditing as a constructive process with real benefits for data controllers. We adopt, wherever possible, a participative approach including working closely with the data controller to agree the timing and scope of the audit.

Details of the consensual audits conducted by the ICO are below. These include an executive summary of the audit, where the organisation has given consent. We will keep this information on our website for one year.

We take a risk based approach to audit follow up, and may publish a follow up report to accompany the initial audit.

We also publish audit outcome reports which are summaries of some of the good practice and areas of improvement we have seen on our audits. The reports are based on the sectors we have audited most regularly and are updated over time.

11 April 2014

The ICO has carried out a data protection audit of Gwent Police with its consent.
Read the executive summary of the Gwent Police audit report

The ICO has carried out a follow up of the data protection audit performed at Homes for Northumberland with its consent.

The ICO has carried out a follow up of the data protection audit performed at Surrey Police with its consent.

7 April 2014

The ICO has carried out a follow up of the data protection audit performed at Midlothian Council with its consent.

The ICO has carried out a follow up of the data protection audit performed at the Alzheimer’s Society with its consent.

31 March 2014

The ICO has carried out a data protection audit of Devon County Council with its consent.
Read the executive summary of the Devon County Council audit report

The ICO has carried out a data protection audit of East of England Ambulance Services NHS Trust with its consent. 
East of England Ambulance Services NHS Trust has asked us not to publish the executive summary of the audit report.

28 March 2014

The ICO has carried out a data protection audit of Cwm Taf University Health Board with its consent.
Cwm Taf University Health Board has asked us not to publish the executive summary of the audit report.

The ICO has carried out a data protection audit of Barnet and Chase Farm NHS Trust with its consent.
Read the executive summary of the Barnet and Chase Farm NHS Trust audit report

The ICO has carried out a data protection audit of Lincolnshire Police with its consent.
Read the Executive Summary of Lincolnshire Police audit report

The ICO has carried out a follow up of the data protection audit performed at Barnsley Hospital NHS Foundation Trust with its consent.

21 March 2014

The ICO has carried out a follow up of the data protection audit performed at London Borough of Ealing with its consent.

21 March 2014

The ICO has carried out a data protection audit of East Riding of Yorkshire Council with its consent.
Read the executive summary of East Riding of Yorkshire Council audit report

14  March 2014

The ICO has carried out a data protection audit of Nottinghamshire Police with its consent.
Read the executive summary of Nottinghamshire Police audit report

07  March 2014

The ICO has carried out a data protection audit of Worcestershire Acute Hospitals NHS Trust with its consent.
Read the executive summary of Worcestershire Acute Hospitals NHS Trust audit report
 
The ICO has carried out a data protection audit of West Midlands Police with its consent.
Read the executive summary of West Midlands Police audit report

28 February 2014

The ICO has carried out a follow up of the data protection audit performed at Care Quality Commission with its consent.

14 February 2014

The ICO has carried out a data protection audit of Cumbria County Council with its consent.
Read the Executive Summary of Cumbria County Council audit report 

The ICO has carried out a data protection audit of Neath Port Talbot County Borough Council with its consent.
Neath Port Talbot County Borough Council has asked us not to publish the executive summary of the audit report.

The ICO has carried out a follow up of the data protection audit performed at Flintshire County Council with its consent.

10 February 2014

The ICO has carried out a data protection audit of Powys Teaching Local Health Board with its consent.
Read the executive summary of Powys Teaching Local Health Board audit report

Powys Teaching Local Health Board has provided their own response to the audit report and process.
Read the Powys Teaching Local Health Board response

7 February 2014

The ICO has carried out a data protection audit of Dorset Police with its consent.
Read the Executive Summary of Dorset Police audit report 

The ICO has carried out a data protection audit of Powys County Council with its consent.
Read the Executive Summary of Powys County Council audit report

The ICO has carried out a data protection audit of Mid Cheshire Hospitals NHS Foundation Trust with its consent.
Read the Executive Summary of Mid Cheshire Hospitals NHS Foundation Trust audit report

24 January 2014

The ICO has carried out a data protection audit of British Transport Police with its consent.
Read the Executive Summary of British Transport Police audit report

The ICO has carried out a follow up data protection audit of Doncaster Metropolitan Borough Council with its consent.
Read the executive summary of Doncaster Metropolitan Borough Council follow up audit report

The ICO has carried out a follow up of the data protection audit performed at Belfast Health and Social Care Trust with its consent.

The ICO has carried out a follow up of the data protection audit performed at Tavistock and Portman NHS Foundation Trust with its consent.

3 January 2014

The ICO has carried out a follow up of the data protection audit performed at Student Loans Company with its consent.

20 December 2013

The ICO has carried out a data protection audit of Leeds City Council with its consent.
Read the executive summary of Leeds City Council audit report

The ICO has carried out a data protection audit of Cumbria Constabulary with its consent.
Read the executive summary of Cumbria Constabulary audit report

The ICO has carried out a data protection audit of Dyfed Powys Police with its consent.
Read the executive summary of Dyfed Powys Police audit report

The ICO has carried out a data protection audit of Wiltshire Police with its consent.
Read the executive summary of Wiltshire Police audit report

The ICO has carried out a follow up of the data protection audit performed at Northumbria Police with its consent.

The ICO has carried out a follow up of the data protection audit performed at Parole Board for Scotland with its consent.

6 December 2013

The ICO has carried out a follow up of the data protection audit performed at Welsh Ambulance Services NHS Trust with its consent.

4 December 2013

The ICO has carried out a follow up data protection audit of Oldham Metropolitan Borough Council with its consent.
Read the executive summary of Oldham Metropolitan Borough Council follow up audit report

Oldham Metropolitan Borough Council has provided their own response to the follow up audit report and process.
Read the Oldham Metropolitan Borough Council response

29 November 2013

The ICO has carried out a follow up of the data protection audit performed at London Borough of Hackney with its consent.

The ICO has carried out a data protection audit of University of the Arts London with its consent.
Read the executive summary of University of the Arts London audit report

University of the Arts London has provided their own response to the audit report and process.
Read the University of the Arts London response

The ICO has carried out a follow up of the data protection audit performed at West Dunbartonshire Council with its consent.
Read the executive summary of the West Dunbartonshire Council follow up audit report

22 November 2013

The ICO has carried out a follow up of the data protection audit performed at HM Courts and Tribunal Service with its consent.

The ICO has carried out a data protection audit of Sandwell and West Birmingham Hospitals NHS Trust with its consent.
Read the executive summary of Sandwell and West Birmingham Hospitals NHS Trust audit report

The ICO has carried out a follow up of the data protection audit performed at London Borough of Waltham Forest with its consent.

The ICO has carried out a follow up of the data protection audit performed at Royal Wolverhampton Hospitals NHS Trust with its consent.

15 November 2013

The ICO has carried out a data protection audit of Surrey and Sussex Healthcare NHS Trust with its consent.
Read the executive summary of the Surrey and Sussex Healthcare NHS Trust audit report

The ICO has carried out a follow up of the data protection audit performed at Pembrokeshire County Council with its consent.

The ICO has carried out a data protection audit of Sheffield Children’s NHS Foundation Trust with its consent.
Read the executive summary of Sheffield Children’s NHS Foundation Trust audit report

8 November 2013

The ICO has carried out a data protection audit of West Berkshire Council with its consent.
Read the executive summary of West Berkshire Council audit report

The ICO has carried out a follow up of the data protection audit performed at London Borough of Bexley Council with its consent.

1 November 2013

The ICO has carried out a data protection audit of performed at Isle of Anglesey County Council with its consent
Read the executive summary of the Isle of Anglesey County Council audit report
The report is also available on the Isle of Anglesey County Council website in English and Welsh language.

25 October 2013

The ICO has carried out a follow up of the data protection audit performed at London Probation Trust with its consent.

The ICO has carried out a follow up of the data protection audit performed at Highland Council with its consent.

The ICO has carried out a follow up of the data protection audit performed at Southend-on-Sea Borough Council with its consent.

18 October 2013

The ICO has carried out a data protection audit of Guildford Borough Council with its consent.
Read the executive summary of Guildford Borough Council audit report

The ICO has carried out a follow up of the data protection audit performed at Sandwell Metropolitan Borough Council with its consent.

The ICO has carried out a follow up data protection audit of Northumberland County Council with its consent.
Read the executive summary of the Northumberland County Council audit report

11 October 2013

The ICO has carried out a data protection audit of Nottingham University Hospitals NHS Trust with its consent.
Read the executive summary of Nottingham University Hospitals NHS Trust audit report

The ICO has carried out a follow up of the data protection audit performed at North Wales Police with its consent.

4 October 2013

The ICO has carried out a data protection audit of Diagnostic Health Systems Ltd with its consent.
Diagnostic Health Systems has asked us not to publish the executive summary of the audit report.

27 September 2013

The ICO has carried out a data protection audit of Barnsley Hospitals NHS Foundation Trust with its consent.
Read the executive summary of the Barnsley Hospitals NHS Foundation Trust audit report

The ICO has carried out a follow up of the data protection audit performed at Derby City Council with its consent.
Read the follow up summary of the Derby City Council audit report

The ICO has carried out a data protection audit of West Yorkshire Police with its consent.
Read the executive summary of West Yorkshire Police audit report

The ICO has carried out a follow up of the data protection audit performed at Greater Manchester Probation Trust with its consent.

20 September 2013

The ICO has carried out a data protection audit of Avon and Somerset Constabulary with its consent.
Read the executive summary of Avon and Somerset Constabulary audit report

13 September 2013

The ICO has carried out a data protection audit of Countess of Chester Hospital NHS Foundation Trust with its consent. Countess of Chester Hospital NHS Foundation Trust has asked us not to publish the executive summary of the audit report.

The ICO has carried out a follow up of the data protection audit performed at Renfrewshire Council with its consent.

6 September 2013

The ICO has carried out a follow up of the data protection audit performed at the London Borough of Enfield with its consent.

4 September 2013

The ICO has carried out a data protection audit of Humberside Police with its consent.
Read the executive summary of Humberside Police audit report

The ICO has carried out a data protection audit of Surrey Police with its consent.
Read the executive summary of Surrey Police audit report

The ICO has carried out a follow up of the data protection audit performed at Conwy County Borough Council with its consent.
Read the executive summary of Conwy County Borough Council follow up report

30 August 2013

The ICO has carried out a data protection audit of West Sussex County Council with its consent.
Read the executive summary of West Sussex County Council audit report

The ICO has carried out a data protection audit of Devon Doctors Ltd with its consent.
Read the executive summary of Devon Doctors Ltd audit report

23 August 2013

The ICO has carried out a data protection audit of Northamptonshire Police with its consent.
Read the executive summary of Northamptonshire Police audit report

16 August 2013

The ICO has carried out a follow up of the data protection audit performed at North Yorkshire Police Force with its consent.

9 August 2013

The ICO has carried out a privacy and electronic communications regulations audit of Everything Everywhere Limited with its consent.
Read the executive summary of the Everything Everywhere audit report

2 August 2013

The ICO has carried out a data protection audit of London Borough of Ealing with its consent.
Read the executive summary of London Borough of Ealing audit report

The ICO has carried out a follow up of the data protection audit performed at Bryson Group with its consent.

26 July 2013

The ICO has carried out a data protection audit of Helena Partnerships Limited with its consent. Helena Partnerships Limited has asked us not to publish the executive summary of the audit report.

The ICO has carried out a follow up of the data protection audit performed at Northumbria Probation Trust with its consent.

The ICO has carried out a follow up of the data protection audit performed at London Borough of Lambeth Council with its consent.

The ICO has carried out a follow up of the data protection audit performed at Warwickshire Police with its consent.

The ICO has carried out a follow up of the data protection audit performed at Department for Work and Pensions with its consent.

19 July 2013

The ICO has carried out a data protection audit of Royal Free London NHS Foundation Trust with its consent.
Read the executive summary of the Royal Free London NHS Foundation Trust

The ICO has carried out a data protection audit of Homes For Northumberland with its consent.
Read the executive summary of Homes For Northumberland audit report

The ICO has carried out a data protection audit of Flintshire County Council with its consent.
Read the executive summary of Flintshire County Council audit report

12 July 2013

The ICO has carried out a data protection audit of Herefordshire Council with its consent.
Read the executive summary of Herefordshire Council audit report

The ICO has carried out a data protection audit of East Lindsay District Council with its consent. East Lindsay District Council has asked us not to publish the executive summary of the audit report.

5 July 2013

The ICO has carried out a data protection audit of Care Quality Commission with its consent.
Read the executive summary of Care Quality Commission audit report

The ICO has carried out a data protection follow up audit of London Borough of Camden with its consent.
Read the executive summary of London Borough of Camden follow up audit report

The ICO has carried out a data protection audit of South Wales Police with its consent.
Read the executive summary of South Wales Police audit report

28 June 2013

The ICO has carried out a privacy and electronic communications regulations audit of Virgin Media with its consent.
Read the executive summary of the Virgin Media audit report

The ICO has carried out a data protection audit of Aberdeen City Council with its consent.
Read the executive summary of Aberdeen City Council audit report

Aberdeen City Council have provided their own response to the audit report.

The ICO has carried out a follow up data protection audit of Dumfries and Galloway Council with its consent.
Read the executive summary of Dumfries and Galloway Council follow up audit report

The ICO has carried out a data protection audit of Epsom and St Helier University Hospitals NHS Trust with its consent.
Read the executive summary of Epsom and St Helier University Hospitals NHS Trust audit report

The ICO has carried out a data protection audit of Merseyside Police with its consent.
Read the executive summary of Merseyside Police audit report

14 June 2013

The ICO has carried out a data protection audit of Belfast Health and Social Care Trust with its consent.
Read the executive summary of Belfast Health and Social Care Trust audit report

Belfast Health and Social Care Trust have provided their own response to the audit report
Read the Belfast Health and Social Care Trust response

The ICO has carried out a follow up data protection audit of Hastings Insurance Services Limited with its consent.
Read the executive summary of Hastings Insurance Services Limited follow up audit report

7 June 2013

The ICO has carried out a follow up data protection audit of Liverpool City Council with its consent.
Read the executive summary of Liverpool City Council follow up audit report

31 May 2013

The ICO has carried out a data protection audit of Midlothian Council with its consent.
Read the executive summary of Midlothian Council audit report

The ICO has carried out a follow up data protection audit of London Borough of Southwark with its consent.
Read the executive summary of the London Borough of Southwark follow up audit report

20 May 2013

The ICO has carried out a data protection audit of London Borough of Sutton Council with its consent.
Read the executive summary of London Borough of Sutton Council audit report

The ICO has carried out a data protection audit of Northumbria Police with its consent.
Read the executive summary of Northumbria Police audit report

The ICO has carried out a data protection audit of Parole Board Scotland with its consent.
Read the executive summary of Parole Board Scotland audit report

17 May 2013

The ICO has carried out a data protection audit of HM Courts and Tribunal Service with its consent.
Read the executive summary of HM Courts and Tribunal Service audit report

The ICO has carried out a data protection audit of Police Service of Northern Ireland with its consent.
Read the executive summary of Police Service of Northern Ireland audit report

The ICO has carried out a data protection audit of Tavistock and Portman NHS Foundation Trust with its consent.
Read the executive summary of Tavistock and Portman NHS Foundation Trust audit report

The ICO has carried out a data protection audit of Welsh Ambulance Services Trust with its consent.
Read the executive summary of Welsh Ambulance Services Trust audit report
Read the executive summary of Welsh Ambulance Services Trust audit report in Welsh

10 May 2013

The ICO has carried out a follow up data protection audit of Staffordshire Police with its consent.
Read the executive summary of Staffordshire Police follow up audit report

The ICO has carried out a follow up data protection audit of Debt Advisory Line with its consent.
Read the executive summary of Debt Advisory Line follow up audit report

1 May 2013

The ICO has carried out a follow up data protection audit of Glasgow City Council with its consent.
Read the executive summary of the Glasgow City Council follow up audit report

19 April 2013

The ICO has carried out a follow up data protection audit of Surrey and Sussex Probation Trust with its consent.
Read the executive summary of Surrey and Sussex Probation Trust follow up audit report

12 April 2013

The ICO has carried out a data protection audit of Gloucestershire County Council with its consent.
Read the executive summary of Gloucestershire County Council audit report

The ICO has carried out a data protection audit of London Borough of Hackney with its consent.
Read the executive summary of London Borough of Hackney audit report

The ICO has carried out a data protection audit of North Wales Police with its consent.
Read the executive summary of North Wales Police audit report

Read the executive summary of North Wales Police audit report in Welsh

The ICO has carried out a follow up data protection audit of SSAFA Acting on behalf of the Confederation of British Services group with its consent.
Read the executive summary of SSAFA Acting on behalf of the Confederation of British Services group follow up audit report

27 March 2013

The ICO has carried out a data protection audit of London Borough of Enfield with its consent.
Read the executive summary of London Borough of Enfield audit report

The ICO has carried out a follow up data protection audit of Medical Services Limited with its consent.
Read the executive summary of Medical Services Limited follow up audit report

22 March 2013

The ICO has carried out a data protection audit of Scottish Prison Service with its consent.
Read the executive summary of Scottish Prison Service audit report

Scottish Prison Service has provided their own link to the full audit report. Read the Scottish Prison Service audit report.

The ICO has carried out a data protection audit of West Dunbartonshire Council with its consent.
Read the executive summary of West Dunbartonshire Council audit report

The ICO has carried out a data protection audit of South Yorkshire Probation Trust with its consent.
Read the executive summary of South Yorkshire Probation Trust audit report

The ICO has carried out a data protection audit of Alzheimer’s Society with its consent.
Read the executive summary of Alzheimer’s Society audit report

Alzheimer’s Society has provided their own response to the audit report and process.
Read the Alzheimer’s Society response

15 March 2013

The ICO has carried out a data protection audit of London Borough of Bexley with its consent.
Read the executive summary of London Borough of Bexley audit report

The ICO has carried out a data protection audit of Greater Manchester Probation Trust with its consent.
Read the executive summary of Greater Manchester Probation Trust audit report

The ICO has carried out a data protection audit of West Mercia Police with its consent.
Read the executive summary of West Mercia Police audit report

The ICO has carried out a follow up data protection audit of North Lanarkshire Council with its consent.
Read the executive summary of North Lanarkshire follow up audit report

1 March 2013

The ICO has carried out a data protection audit of Royal Wolverhampton NHS Trust with its consent.
Read the executive summary of Royal Wolverhampton NHS Trust audit report
Further details of the audit are provided on the Trust website.

The ICO has carried out a data protection audit of London Borough of Waltham Forest with its consent.
Read the executive summary of London Borough of Waltham Forest audit report

The ICO has carried out a data protection audit of Scottish Government (OSIA, HR,PU) with its consent.
Read the executive summary of Scottish Government (OSIA, HR, PU) audit report

22 February 2013

The ICO has carried out a data protection audit of Southend-on-Sea Borough Council with its consent.
Read the executive summary of Southend-on-Sea Borough Council audit report

The ICO has carried out a data protection audit of Doncaster Metropolitan Borough Council with its consent.
Read the executive summary of Doncaster Metropolitan Borough Council audit report

The ICO has carried out a follow up data protection audit of Crown Prosecution Service with its consent.
Read the executive summary of Crown Prosecution Service follow up audit report

The ICO has carried out a follow up data protection audit of Merthyr Tydfil County Borough Council with its consent.
Read the executive summary of Merthyr Tydfil County Borough Council follow up audit report