Data Provider Audit
By law, you are responsible for ensuring that the data you receive and use is lawful.
This means that you must be able to demonstrate that you took appropriate steps to confirm the validity of the information provided to the individual and any consent they may have provided.
You must also ensure that you can manage your data to prevent you from using purchased listings in a way that you are not authorized to use it.
DQM GRC has long been the leading data consent auditor for UK commercial data owners and can help you demonstrate appropriate controls.
Learn more about our data vendor audit services and solutions below
How does data vendor auditing work?
At the end of 2020, the ICO released a report on the data brokerage industry. Our service addresses the issues raised in this report.
Your auditor will assess the following questions:
1.
Transparency of processing
How do individuals know how their data will be processed?
Is the information provided clear and prominent enough?
Is there a solid audit trail to justify the information provided?
Does the information provided cover your planned processing?
2.
Article 14 and Stealth Processing
Has the data broker received any of the information contained in the listing from sources other than the individual?
If so, does it notify these people that it has received their data and how it is used?
Is the information provided clear and prominent enough?
Is there a solid audit trail to justify the information provided?
Does the information provided cover your planned processing?
3.
Use of credit bureau data for limited direct marketing purposes
If the data broker is also a credit reporting agency, does the data list include any data originally collected for credit reporting purposes?
If so, is there a reliable audit trail to prove that the data broker collected valid consent for the data used for direct marketing purposes?
4.
Lawful basis for processing
Where consent is required, is there a reliable audit trail to demonstrate that the consent collected is valid, including that the original consent was collected by another party?
Where legitimate interests are used, has a legitimate interest assessment been made?
If so, is this legitimate interest assessment objective and has all factors been considered?
Are there any issues with the lawful basis for the use, such as switching from consent to legitimate interest, that might prevent you from using the data lawfully?
5.
Process limitations
When you receive data, is it managed in a way that enables you to comply with contractual or data license conditions?
Can you identify and locate your purchased data in a database and link it to your audit trail to show that your use is lawful?
what to expect
Your auditor usually takes two days to complete the audit. This will combine interviews with key figures, document reviews and sample checks. Our goal is to provide you with a written report within 10 business days of the start of the audit.
For lower risk contracts, you may prefer to send the questionnaire to your data broker, who can complete it themselves and return it to us for review.
We typically give the data broker three weeks to complete and return the questionnaire and aim to provide you with a written report within 10 working days of receiving the completed questionnaire.
Our consultants can work with you and your data broker to resolve any issues we may uncover. This can include working with you to ensure your direct marketing strategy for new leads is compliant and effective, and improving your data governance practices to ensure you can easily demonstrate compliance.
数据合规创造业务价值
给我们一个开始了解需求的机会,共同来保护贵司的业务。
Copyright © 2025 Shanghai Digital Shell Information Technology Co., Ltd All Rights Reserved.