Halderstone Audit Services

Data Protection Management Audits

Independent assessments of privacy governance, data protection management systems, controls, and compliance obligations

Understand whether your data protection arrangements work in practice

Assess whether responsibilities, controls, and oversight mechanisms for personal data processing are operating as intended across your organisation.

How we support you

Privacy and data protection requirements are embedded in business processes, technology, supplier relationships, and information security controls.

Independent audits help organisations understand whether privacy governance, data protection management systems, and processing controls are designed appropriately and operating effectively.

Assessments can focus on entire data protection management systems, selected processing activities, business units, suppliers, applications, or specific regulatory obligations.

Audit contexts

  • Internal audits

  • Readiness assessments

  • Processor and supplier assessments

  • Privacy governance reviews

  • Regulatory compliance reviews

  • Integrated audits

Supported frameworks

  • EU GDPR

  • Swiss Federal Act on Data Protection (FADP)

  • ISO/IEC 27701

  • ISO/IEC 27001 and ISO/IEC 27002

  • NIST Privacy Framework

  • Organisation-specific privacy and data protection frameworks

Discuss your audit challenge

A short conversation to understand your current situation and discuss possible next steps.

Why Halderstone

Our approach

  • Audit planning informed by risks, objectives, and the intended use of audit results

  • Audit activities aligned with recognized auditing principles and guidance, including ISO 19011 where appropriate

  • Findings based on objective evidence obtained through interviews, documentation review, observation, and sampling

  • Conclusions supported by corroboration across multiple evidence sources and audit methods

  • Practical reporting focused on decision-making, assurance, and continual improvement

What we deliberately do not do

  • Mandates that compromise auditor independence

  • Audit engagements where we influence the selection of samples, evidence, or interview partners

  • Conclusions based solely on interviews without corroborating evidence

Halderstone Academy

Related training modules

Halderstone Academy offers focused training modules on relevant audit capabilities.

Auditing Privacy Risk & Impact Assessment

Evaluate whether privacy risk assessments and DPIAs produce credible risk understanding and prioritisation in an ISO/IEC 27701 PIMS

7 h

Auditing Operational Privacy Controls

Evaluate whether privacy controls are implemented effectively and applied consistently across personal data processing activities

7 h

Data Protection Principles

Privacy roles, obligations and controls in organisations, aligned with common national and international data protection requirements

7 h

PII Processing: Context, Roles & Scope

Define PII processing context, determine controller and processor roles, and set practical PIMS scope boundaries under ISO/IEC 27701

7 h

Privacy Risk & Impact Assessment (DPIA)

Assess privacy risks, reason about impacts, and document DPIAs within an ISO/IEC 27701-aligned PIMS

7 h

Operational Privacy Controls

Implement role-based privacy controls and data subject rights handling within an ISO/IEC 27701-aligned PIMS

7 h

Auditing Context & Scope

Assess whether organisational context, interested parties, scope and system boundaries credibly reflect how the organisation operates

7 h

Auditing Leadership & Governance

Assess whether leadership commitment, policy direction and governance structures credibly steer the management system

7 h

Auditing Risk & Opportunity Management

Assess whether risk and opportunity management credibly informs organisational decisions and priorities

7 h

Auditing Documented Information

Assess whether documented information is fit for use, internally consistent and credible as audit evidence

7 h

Auditing Objectives & Performance Evaluation

Assess whether objectives and KPIs credibly measure and steer organisational performance

7 h

Auditing Operational Control

Assess whether operational controls and process interactions work reliably in day-to-day practice

7 h

Auditing Supplier & Outsourcing Management

Assess whether supplier and outsourced process controls manage risk effectively and achieve intended outcomes across organisational boundaries

7 h

Leading with Management Systems

Use management systems to drive performance, risk control and organisational credibility beyond certification

1.5 h

Leading with Management Systems in Practice

Apply executive judgement to turn management systems into drivers of reliability, trust and strategic performance

3 h

System Framing

Analyse organisational context, stakeholders and system boundaries to support effective management systems

7 h

System Leadership

Define clear policy direction and accountability through effective leadership responsibilities in management systems

7 h

Policy Management

Design coherent, auditable policy frameworks that align with strategy, scale across entities, and stay current without excess bureaucracy

7 h

Governance Design

Build the decision rights, governance meetings, escalation paths and evidence trails that make management systems work in practice

12 h

Resource Management

Ensure management systems are supported with sufficient people, time, budget, infrastructure and external support

7 h

Ready to improve your management systems?

We support continuous improvement by embedding ISO requirements into everyday practice and daily operations.
