How to create an Information Audit Form

1
Create a Zegal Account
2
Make an agreement using Zegal templates
3
Get help from a lawyer anytime

Easy to Use Legal Templates

Quickly and easily create any legal agreement for you or your team.

Affordable Plans

Straightforward pricing plans and bespoke packages built to simplify all your legal demands.

Vast Document Library

Zegal’s comprehensive collection of agreements means you always have what you need at your fingertips.

Start using Zegal for free

If you like it, pick a plan that suits you best.

Join Zegal Free
The Information Audit Form is a non-legal tool, intended as an aid when creating a record of the personal data held by your company. A comprehensive inventory of personal data held is a fundamental step towards GDPR compliance, as well as general good practice in data privacy protection.
 
This Information Audit Form is structured around reasons for collecting and processing personal data. Please consider all areas of your business when deciding whether or not a section of this form applies to your company.
 
In-depth knowledge of the GDPR is not required to fill in this audit form, but honest answers are necessary for the integrity of record-keeping. If you are not sure of the answer, don’t know, or need to check, fill in the fields accordingly. Please also take note of the location(s) of data storage to fill in the last part of the audit.
 
In each section, our helptext provides you with examples of information that might go in each field of the audit table, to give you a sense of direction when answering those questions. These examples are for reference only. It is crucial that you fill in each field with factual, accurate and specific information that applies in your situation. 
 
For each purpose for processing personal data, you must identify a legal basis for the processing. The GDPR has set out 6 possible legal bases that can be relied on when processing personal data:
 
(1) Consent: clear consent has been given for the processing of personal data for a specific purpose (consent must be specific to each purpose or opt-in and be easily withdrawn by the data subject, with evidence of this consent).
(2) Contract: processing is necessary for the performance of a contract you have entered into with an individual, or is necessary to carry out specific steps leading up to entering into a contract.
(3) Legal obligation: processing is necessary for complying with the law.
(4) Vital interests: processing is necessary to protect the vital interests of the data subject or another natural person.
(5) Public function: processing is necessary for a public body to perform a task in the public interest, or an official function.
(6) Legitimate interests: processing is necessary for your legitimate interests or the legitimate interests of a third party (applies unless these legitimate interests are overridden by a good reason to protect the individual’s personal data. A separate Legitimate Interests Assessment (LIA) is recommended).
 
Important Note: The GDPR is a complex principle-based law subject to further interpretation by the supervisory authorities of each EU country. If you are not sure whether your data handling practices are compliant with the GDPR, please seek professional legal advice.
 

What are the types of information security audits?

There are 4 main types of information security audit which are as follows:

  1. Risk assessment: this helps identify various threats to your business. 
  2. Vulnerability assessment: Will look for weak spots, which could be used to exploit or harm your business. 
  3. Penetration testing: This is a controlled and permitted attempt at hacking your system, to look for cracks and bypasses which need upgrading.
  4. Compliance audit: This is quite crucial for a business as it ensures that a business is legally in line with the governing laws. 
 

The Zegal Template Library

Zegal's template library is a list of essential and premium business templates for your everyday legal needs.

Save money and time without sacrificing quality or missing vital legal requirements. Whether you're a startup or a larger enterprise, Zegal lets anyone create a legal agreement.

Let us take care of the legals so you can focus on running your business.

If you need more help, our "Talk to a Lawyer" feature gives you access to a qualified lawyer to get all the expert advice you need.

Try it for free today!

Ready to get started?

Create a free account now and explore all of the Zegal features.

Get Started

No credit card required

Related Documents

If you're creating an Information Audit Form, you may also be interested in the following documents:

Privacy Policy

Nice things people say about Zegal.