Internal Audit Overview
The attached document will show you how to set up and run through an internal audit to review your
Six audits can be set up in your school site to span across the year.
There are two types of question sets in the Internal Audit, Personal Questions and Organisation Questions.
Personal Questions will be questions which each member of staff would be required to answer regarding their data protection practices and what prior data protection training they
Organisation Questions would typically be answered by SchoolDPStaff users only. These are designed to cover the school, rather than individual responses.
Both question sets allow you to either “Save current progress” which will allow you to save your current answers to the database and to come back to them at a later date where you can then “Save as complete” which will again save your answers to the database without anymore changes being made in the future to that specific audit.
Information from the audit such as user responses to questions can be found in the following reports in the Reports section:
Users and Staff Reviews: Shows how many questions each user has answered from each section.
Staff Data Protection Self Assessment: Shows each question which a user has answered and their response.
All SAQ Responses: These are the responses from just the Organisation questions which the SchoolDPStaff users have answered.
Internal Audit Frequency
Set up Audit Frequency
When you log into the GDPRiS system, you will be taken to the dashboard.
Click on “Actions” via the menu on the left-hand side
You will notice that the navigation menu on the left-hand side has gained an extra column.
The extra menu shows the sections which you will need to go through to complete an
As stated in the Internal Audit Overview section on page 3, The Individual Questions
section will need to be completed by both GeneralStaff and SchoolDPStaff users and the
School Questions will need to be completed only by the SchoolDPStaff users.
To start your internal audit. Read through the information in the main window and then click
Note: It is important to note that when running through this audit, it is your responsibility to
check that the information in the GDPRiS system is correct for your school.
Data Mapping Review
Once you have clicked on “Start” you will be taken to the “Suppliers” section of the audit.
Make sure that you can see all your suppliers listed.
When you are happy with the fields of data being captured, click “Next”
Down the right-hand side, you will be able to see links to the Privacy, Terms and Conditions
and Cookie policies. Please take a minute to look at these when reviewing a supplier.
The “Accept” button can be used if you are happy with the answers the supplier has given to
the questions and if you are happy to use the supplier moving forwards after reviewing their
data mapping information from the previous page.
Click either “Don’t Accept” or “Accept” to continue with the audit.