Service

GDPR and Data Check

From £350. Written record. Fixed price.

What it is

We review your data handling practices against UK GDPR requirements - privacy notices, records of processing, staff training, and third party agreements. We identify gaps and tell you what needs addressing.

We also check how AI tools (ChatGPT, transcription, scheduling) are being used with client data and whether that needs a written policy.

What we check

  • Privacy notice content and currency
  • Records of processing
  • Lawful basis for each processing activity
  • Data subject request process
  • Breach response plan
  • AI and third-party tool usage
  • Retention and deletion practice
  • Staff training and third-party agreements

What you get

  • Written record of what was checked and what was found
  • Clear list of the gaps with priorities
  • Note on whether ICO registration is required if not yet in place

Who needs this

Every business holding personal data. Required under UK GDPR and Data Protection Act 2018.

From
£350

Exact quote provided after a free 15-minute scoping call. No surprises after the visit.

Book Your Audit Ask a question

Scope

TestSafe Compliance provides audit, assessment and reporting only. We do not provide legal advice or act as legal representatives.

Often booked together

Pair this with

Document Management Employment Compliance
FAQs

Common questions about GDPR audits

Do small businesses really need a UK GDPR audit?

Yes. UK GDPR and the Data Protection Act 2018 apply from your first customer email address. ICO action against small businesses for inadequate privacy notices and unmanaged staff access is common.

Does the audit cover AI tool usage?

Yes. We review which AI tools your team is using and whether the data put into them is consistent with your privacy notices and lawful basis. This is one of the most common gaps we find.

Will this register us with the ICO?

No, registration is a self-serve process at ico.org.uk. We can tell you whether you are required to register and help complete the assessment.

Do you draft privacy notices?

We review your existing notices against your actual processing and produce a list of changes. Drafting a full new notice from scratch is available as part of an annual or retained package.

Need more than just this?

If you've got two or more on your list, an annual or retained package usually works out cheaper.

See packages