The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Audits

The ICO carries out audits to provide larger organisations with an assessment of whether they are following good data protection practice. Sometimes, and with the consent of the public authority, these audits also look at the way organisations handle requests for information under the Freedom of Information Act. The audits look at whether an organisation has effective policies and procedures in place and whether they are being followed and includes recommendations from the ICO on how to improve.

We believe that audits play a key role in assisting organisations in understanding and meeting their personal data protection obligations. The ICO sees auditing as a constructive process with real benefits for data controllers. We adopt, wherever possible, a participative approach including working closely with the data controller to agree the timing and scope of the audit.

Details of the consensual audits conducted by the ICO are below. These include an executive summary of the audit, where the organisation has given consent. We will keep this information on our website for one year.

We take a risk based approach to audit follow up, and may publish a follow up report to accompany the initial audit.

We also publish audit outcome reports which are summaries of some of the good practice and areas of improvement we have seen on our audits. The reports are based on the sectors we have audited most regularly and are updated over time.

12 September 2014

The ICO has carried out a data protection audit of Princess Alexandra Hospital NHS Trust with its consent.
Read the executive summary of Princess Alexandra Hospital NHS Trust audit report

8 September 2014 

The ICO has carried out a follow up of the data protection audit performed at Worcestershire Acute Hospitals NHS Trust with its consent.

26 August 2014

The ICO has carried out a follow up of the data protection audit performed at London Borough of Sutton Council with its consent.

18 August 2014

The ICO has carried out a follow up of the data protection audit performed at Cumbria County Council with its consent.

13 August 2014

The ICO has carried out a follow up of the data protection audit performed at Neath Port Talbot County Borough Council with its consent.

8 August 2014

The ICO has carried out a data protection audit of South Yorkshire Police with its consent.
Read the Executive Summary of South Yorkshire Police audit report

7 August 2014

The ICO has carried out a data protection audit of Central London Community Healthcare NHS Trust with its consent.
Read the executive summary of Central London Community Healthcare NHS Trust audit report

Central London Community Healthcare NHS Trust has provided a response to the audit report and process on their own website.

1 August 2014

The ICO has carried out a follow up of the data protection audit performed at University of the Arts London with its consent.

The ICO has carried out a follow up of the data protection audit performed at Guildford Borough Council with its consent.

21 July 2014

The ICO has carried out a follow up of the data protection audit performed at Powys County Council with its consent.

18 July 2014

The ICO has carried out a data protection audit of Hampshire Constabulary with its consent.
Read the executive summary of Hampshire Constabulary audit report

The ICO has carried out a data protection audit of Plymouth City Council with its consent.
Read the executive summary of Plymouth City Council audit report

The ICO has carried out a data protection audit of Thames Valley Police with its consent.
Read the executive summary of Thames Valley Police audit report

The ICO has carried out a follow up of the data protection audit performed at British Transport Police with its consent.

11 July 2014

The ICO has carried out a data protection audit of Cardiff Council with its consent.
Read the executive summary of the Cardiff Council audit report

The ICO has carried out a privacy and electronic communications regulations audit of Telefonica UK with its consent.
Read the executive summary of the Telefonica UK audit report

The ICO has carried out a data protection audit of Worcestershire County Council with its consent.
Read the executive summary of the Worcestershire County Council audit report

4 July 2014

The ICO has carried out a data protection audit of Derbyshire Police with its consent.
Read the executive summary of the Derbyshire Police audit report

The ICO has carried out a follow up of the data protection audit performed at West Yorkshire Police with its consent.

27 June 2014

The ICO has carried out a data protection audit of Scottish Children's Reporter Administration with its consent.
Read the executive summary of the Scottish Children's Reporter Administration audit report

The ICO has carried out a follow up of the data protection audit performed at Wiltshire Police with its consent.

24 June 2014

The ICO has carried out a data protection audit of Birmingham and Solihull Mental Health NHS Foundation Trust with its consent.
Read the executive summary of the Birmingham and Solihull Mental Health NHS Foundation Trust audit report

Birmingham and Solihull Mental Health NHS Foundation Trust has published a statement about the audit on its website.

20 June 2014

The ICO has carried out a data protection audit of Barts Health NHS Trust with its consent.
Read the executive summary of the Barts Health NHS Trust audit report

The ICO has carried out a follow up of the data protection audit performed at Diagnostic Health Systems Limited with its consent.

The ICO has carried out a follow up of the data protection audit performed at Sandwell and West Birmingham Hospitals NHS Trust with its consent.

13 June 2014

The ICO has carried out a follow up of the data protection audit performed at Cumbria Constabulary with its consent.

6 June 2014

The ICO has carried out a follow up of the data protection audit performed at Sheffield Children’s Hospital NHS Trust with its consent.

2 June 2014

The ICO has carried out a follow up of the data protection audit performed at Scottish Government with its consent.

30 May 2014

The ICO has carried out a privacy and electronic communications regulations audit of BSkyB Limited with its consent.
Read the executive summary of the BSkyB Limited audit report

The ICO has carried out a data protection audit of Durham Constabulary with its consent.
Read the executive summary of the Durham Constabulary audit report

The ICO has carried out a follow up of the data protection audit performed at Humberside Police with its consent.

27 May 2014

The ICO has carried out a follow up of the data protection audit performed at Helena Partnerships Limited with its consent.

19 May 2014

The ICO has carried out a data protection audit of Black Country Partnership NHS Foundation Trust with its consent.
Read the executive summary of the Black Country Partnership NHS Foundation Trust audit report

16 May 2014

The ICO has carried out a follow up of the data protection audit performed at Countess of Chester Hospital NHS Foundation Trust with its consent.

The ICO has carried out a follow up of the data protection audit performed at Devon Doctors Ltd with its consent.

The ICO has carried out a follow up of the data protection audit performed at Nottingham University Hospitals NHS Trust with its consent.

The ICO has carried out a data protection audit of Somerset Partnership NHS Foundation Trust with its consent.
Read the executive summary of the Somerset Partnership NHS Foundation Trust audit report

12 May 2014

The ICO has carried out a follow up of the data protection audit performed at West Sussex County Council with its consent.

9 May 2014

The ICO has carried out a data protection audit of City of London Police with its consent.
Read the Executive Summary of the City of London police audit report

The ICO has carried out a data protection audit of the London Borough of Lewisham Council with its consent.
Read the Executive Summary of the London Borough of Lewisham Council audit report

2 May 2014

The ICO has carried out a follow up of the data protection audit performed at West Mercia Police with its consent.
Read the Executive summary of the West Mercia Police follow up audit report

30 April 2014

The ICO has carried out a follow up of the data protection audit performed at Herefordshire Council with its consent.

11 April 2014

The ICO has carried out a data protection audit of Gwent Police with its consent.
Read the executive summary of the Gwent Police audit report

The ICO has carried out a follow up of the data protection audit performed at Homes for Northumberland with its consent.

The ICO has carried out a follow up of the data protection audit performed at Surrey Police with its consent.

7 April 2014

The ICO has carried out a follow up of the data protection audit performed at Midlothian Council with its consent.

The ICO has carried out a follow up of the data protection audit performed at the Alzheimer’s Society with its consent.

31 March 2014

The ICO has carried out a data protection audit of Devon County Council with its consent.
Read the executive summary of the Devon County Council audit report

The ICO has carried out a data protection audit of East of England Ambulance Services NHS Trust with its consent. 
East of England Ambulance Services NHS Trust has asked us not to publish the executive summary of the audit report.

28 March 2014

The ICO has carried out a data protection audit of Cwm Taf University Health Board with its consent.
Read the Executive Summary of Cwm Taf University Health Board audit report

The ICO has carried out a data protection audit of Barnet and Chase Farm NHS Trust with its consent.
Read the executive summary of the Barnet and Chase Farm NHS Trust audit report

The ICO has carried out a data protection audit of Lincolnshire Police with its consent.
Read the Executive Summary of Lincolnshire Police audit report

The ICO has carried out a follow up of the data protection audit performed at Barnsley Hospital NHS Foundation Trust with its consent.

21 March 2014

The ICO has carried out a follow up of the data protection audit performed at London Borough of Ealing with its consent.

21 March 2014

The ICO has carried out a data protection audit of East Riding of Yorkshire Council with its consent.
Read the executive summary of East Riding of Yorkshire Council audit report

19 March 2014

The ICO has carried out a follow up of the data protection audit performed at Epsom and St Helier University Hospitals NHS Trust with its consent.

14  March 2014

The ICO has carried out a data protection audit of Nottinghamshire Police with its consent.
Read the executive summary of Nottinghamshire Police audit report

07  March 2014

The ICO has carried out a data protection audit of Worcestershire Acute Hospitals NHS Trust with its consent.
Read the executive summary of Worcestershire Acute Hospitals NHS Trust audit report
 
The ICO has carried out a data protection audit of West Midlands Police with its consent.
Read the executive summary of West Midlands Police audit report

28 February 2014

The ICO has carried out a follow up of the data protection audit performed at Care Quality Commission with its consent.

14 February 2014

The ICO has carried out a data protection audit of Cumbria County Council with its consent.
Read the Executive Summary of Cumbria County Council audit report 

The ICO has carried out a data protection audit of Neath Port Talbot County Borough Council with its consent.
Neath Port Talbot County Borough Council has asked us not to publish the executive summary of the audit report.

The ICO has carried out a follow up of the data protection audit performed at Flintshire County Council with its consent.

10 February 2014

The ICO has carried out a data protection audit of Powys Teaching Local Health Board with its consent.
Read the executive summary of Powys Teaching Local Health Board audit report

Powys Teaching Local Health Board has provided their own response to the audit report and process.
Read the Powys Teaching Local Health Board response

7 February 2014

The ICO has carried out a data protection audit of Dorset Police with its consent.
Read the Executive Summary of Dorset Police audit report 

The ICO has carried out a data protection audit of Powys County Council with its consent.
Read the Executive Summary of Powys County Council audit report

The ICO has carried out a data protection audit of Mid Cheshire Hospitals NHS Foundation Trust with its consent.
Read the Executive Summary of Mid Cheshire Hospitals NHS Foundation Trust audit report

24 January 2014

The ICO has carried out a data protection audit of British Transport Police with its consent.
Read the Executive Summary of British Transport Police audit report

The ICO has carried out a follow up data protection audit of Doncaster Metropolitan Borough Council with its consent.
Read the executive summary of Doncaster Metropolitan Borough Council follow up audit report

The ICO has carried out a follow up of the data protection audit performed at Belfast Health and Social Care Trust with its consent.

The ICO has carried out a follow up of the data protection audit performed at Tavistock and Portman NHS Foundation Trust with its consent.

3 January 2014

The ICO has carried out a follow up of the data protection audit performed at Student Loans Company with its consent.

20 December 2013

The ICO has carried out a data protection audit of Leeds City Council with its consent.
Read the executive summary of Leeds City Council audit report

The ICO has carried out a data protection audit of Cumbria Constabulary with its consent.
Read the executive summary of Cumbria Constabulary audit report

The ICO has carried out a data protection audit of Dyfed Powys Police with its consent.
Read the executive summary of Dyfed Powys Police audit report

The ICO has carried out a data protection audit of Wiltshire Police with its consent.
Read the executive summary of Wiltshire Police audit report

The ICO has carried out a follow up of the data protection audit performed at Northumbria Police with its consent.

The ICO has carried out a follow up of the data protection audit performed at Parole Board for Scotland with its consent.

6 December 2013

The ICO has carried out a follow up of the data protection audit performed at Welsh Ambulance Services NHS Trust with its consent.

4 December 2013

The ICO has carried out a follow up data protection audit of Oldham Metropolitan Borough Council with its consent.
Read the executive summary of Oldham Metropolitan Borough Council follow up audit report

Oldham Metropolitan Borough Council has provided their own response to the follow up audit report and process.
Read the Oldham Metropolitan Borough Council response

29 November 2013

The ICO has carried out a follow up of the data protection audit performed at London Borough of Hackney with its consent.

The ICO has carried out a data protection audit of University of the Arts London with its consent.
Read the executive summary of University of the Arts London audit report

University of the Arts London has provided their own response to the audit report and process.
Read the University of the Arts London response

The ICO has carried out a follow up of the data protection audit performed at West Dunbartonshire Council with its consent.
Read the executive summary of the West Dunbartonshire Council follow up audit report

22 November 2013

The ICO has carried out a follow up of the data protection audit performed at HM Courts and Tribunal Service with its consent.

The ICO has carried out a data protection audit of Sandwell and West Birmingham Hospitals NHS Trust with its consent.
Read the executive summary of Sandwell and West Birmingham Hospitals NHS Trust audit report

The ICO has carried out a follow up of the data protection audit performed at London Borough of Waltham Forest with its consent.

The ICO has carried out a follow up of the data protection audit performed at Royal Wolverhampton Hospitals NHS Trust with its consent.

15 November 2013

The ICO has carried out a data protection audit of Surrey and Sussex Healthcare NHS Trust with its consent.
Read the executive summary of the Surrey and Sussex Healthcare NHS Trust audit report

The ICO has carried out a follow up of the data protection audit performed at Pembrokeshire County Council with its consent.

The ICO has carried out a data protection audit of Sheffield Children’s NHS Foundation Trust with its consent.
Read the executive summary of Sheffield Children’s NHS Foundation Trust audit report

8 November 2013

The ICO has carried out a data protection audit of West Berkshire Council with its consent.
Read the executive summary of West Berkshire Council audit report

The ICO has carried out a follow up of the data protection audit performed at London Borough of Bexley Council with its consent.

1 November 2013

The ICO has carried out a data protection audit of performed at Isle of Anglesey County Council with its consent
Read the executive summary of the Isle of Anglesey County Council audit report
The report is also available on the Isle of Anglesey County Council website in English and Welsh language.

25 October 2013

The ICO has carried out a follow up of the data protection audit performed at London Probation Trust with its consent.

The ICO has carried out a follow up of the data protection audit performed at Highland Council with its consent.

The ICO has carried out a follow up of the data protection audit performed at Southend-on-Sea Borough Council with its consent.

18 October 2013

The ICO has carried out a data protection audit of Guildford Borough Council with its consent.
Read the executive summary of Guildford Borough Council audit report

The ICO has carried out a follow up of the data protection audit performed at Sandwell Metropolitan Borough Council with its consent.

The ICO has carried out a follow up data protection audit of Northumberland County Council with its consent.
Read the executive summary of the Northumberland County Council audit report

11 October 2013

The ICO has carried out a data protection audit of Nottingham University Hospitals NHS Trust with its consent.
Read the executive summary of Nottingham University Hospitals NHS Trust audit report

The ICO has carried out a follow up of the data protection audit performed at North Wales Police with its consent.

4 October 2013

The ICO has carried out a data protection audit of Diagnostic Health Systems Ltd with its consent.
Diagnostic Health Systems has asked us not to publish the executive summary of the audit report.

27 September 2013

The ICO has carried out a data protection audit of Barnsley Hospitals NHS Foundation Trust with its consent.
Read the executive summary of the Barnsley Hospitals NHS Foundation Trust audit report

The ICO has carried out a follow up of the data protection audit performed at Derby City Council with its consent.
Read the follow up summary of the Derby City Council audit report

The ICO has carried out a data protection audit of West Yorkshire Police with its consent.
Read the executive summary of West Yorkshire Police audit report

The ICO has carried out a follow up of the data protection audit performed at Greater Manchester Probation Trust with its consent.

20 September 2013

The ICO has carried out a data protection audit of Avon and Somerset Constabulary with its consent.
Read the executive summary of Avon and Somerset Constabulary audit report

13 September 2013

The ICO has carried out a data protection audit of Countess of Chester Hospital NHS Foundation Trust with its consent. Countess of Chester Hospital NHS Foundation Trust has asked us not to publish the executive summary of the audit report.

The ICO has carried out a follow up of the data protection audit performed at Renfrewshire Council with its consent.