Title Page

  • Audit carried out:

  • Name:

  • Company Background

  • Contact details: Email:

  • Company Address:

HR Questions

HR Management

  • Are the HR goals aligned with the organization?

  • Structure: people structure, organisational charts, roles and responsibilities known

  • Salary, grading, opportunities communicated for promotion


  • Does each position within the organization have a job description?

  • Are the job descriptions up to date?

  • Are job openings offered to current employees?

  • Is the employee turnover rate monitored?


  • Do new employees receive a contract and employee handbook?

  • Are the correct onboarding documents being issued?

  • Do new employees receive the right induction training?

  • Do new employees have follow up meetings/probation reviews?

Employee Relations

  • Are Performance Appraisals in place?

  • Are your practices in line with your policies?

  • Are you in line with ROI legislation?

  • Is there a clear and well communicated process in place for receiving and handling employee complaints/issues?

Training and Development

  • Are employees provided with training?

  • Are employees provided with opportunities to further develop their skills?

  • Are the provided training and opportunities within budget?

  • Do employees receive ongoing feedback?


  • Do all employees have a personnel file? Are they manual or on HRIS?

  • Are personnel files up to date?

  • Are documents kept for the required duration?

  • Does the organization comply with the ROI GDPR Laws?

Compensation & Benefits

  • Commission Schemes for each area/Dept

  • Bonus Schemes

  • Annual Salary Review

Comms & Engagement

  • Weekly meetings and management meetings in general

  • Are there regular meetings held across the teams?

  • Is there an open form of communication between HR and other departments?

  • Company Values: Are they utilised and understood across the business? Are people living and breathing the values?


  • Does the organisation have a GDPR programme in place?

  • Does the organisation carry out profiling?

  • Do you process data on a large scale?

  • Do you process high risk data, e.g. special category data, children’s data, criminal offence data, payment data, or data that the organisation considers should be particularly protected?

  • Does the company carry out transfers of large scale or high risk data to third parties?

  • Does the organisation process data on the basis of consent?

  • Do you use intake/new client/onboarding forms either online or in person?

  • Does the organisation have a high staff turnover or take on seasonal staff?

  • Does the organisation hold data collected more than 7 years ago?

  • How often does the organisation carry out GDPR training?


  • Do you carry out processes for which the Data Commissioner's Office (DCO) states that a Data Protection Impact Assessment (DPIA) is mandatory?

  • Does the organisation report regularly receiving data subject rights requests?

  • Does the organisation have a DSAR procedure in place?

  • Does the organisation have a third-party register in place?

  • Is the organisation’s WiFi network visible in public or third party spaces?


  • Does the organisation work online, hybrid, open to the public or in a closed office?

  • Does the organisation outsource significant IT functions?

  • Does the organisation outsource any services to contractors?

  • Does the organisation have any Data Processing Agreements in place?

  • Does the organisation transfer any data outside the EU/EEA?


  • Does the organisation have any Standard Contractual Clauses in place?

  • Would an interruption to the organisation’s core personal data processing functions significantly negatively affect individuals?

  • Does the organisation have a Data Breach procedure in place?

  • Does the organisation have a Register of Processing Activities in place?

  • Is the organisation required to have a Data Protection Officer in place?


  • Who is responsible for GDPR within the organisation?

  • Does the DPO or person in charge of GDPR have direct access to management?

  • Does the organisation have any segregation of duties procedures in place?

  • Does the organisation have a business continuity plan in place?

  • Does the organisation have a website and when were the policies last reviewed?


  • Does the organisation have a social media presence and is there an appointed person for this role?

  • Does the organisation have any CCTV in place?

  • Does the organisation have a data deletion policy in place?

The templates available in our Public Library have been created by our customers and employees to help get you started using SafetyCulture's solutions. The templates are intended to be used as hypothetical examples only and should not be used as a substitute for professional advice. You should seek your own professional advice to determine if the use of a template is permissible in your workplace or jurisdiction. You should independently determine whether the template is suitable for your circumstances.