Title Page
-
Audit carried out:
-
Name:
-
Company Background
-
Contact details: Email:
-
Company Address:
HR Questions
HR Management
-
Are the HR goals aligned with the organization?
-
Structure: People Structure, Organisational Charts, Roles and Responsibilities known
-
Salary, grading, opportunities communicated for promotion
Recruitment
-
Does each position within the organization have a job description?
-
Are the job descriptions up to date?
-
Are job openings offered to current employees?
-
Is the employee turnover rate monitored?
Onboarding
-
Do new employees receive a contract and employee handbook?
-
Are the correct onboarding documents being issued?
-
Do new employees receive the right induction training?
-
Do new employees have follow up meetings/probation reviews?
Employee Relations
-
Are Performance Appraisals in place?
-
Are your practices in line with your policies?
-
Are you in line with ROI legislation?
-
Is there a clear and well communicated process in place for receiving and handling employee complaints/issues?
Training and Development
-
Are employees provided with training?
-
Are employees provided with opportunities to further develop their skills?
-
Are the provided training and opportunities within budget?
-
Do employees receive ongoing feedback?
Documentation
-
Do all employees have a personnel file? Are they manual or on HRIS?
-
Are personnel files up to date?
-
Are documents kept for the required duration?
-
Does the organization comply with the ROI GDPR Laws?
Compensation & Benefits
-
Commission Schemes for each area/Dept
-
Bonus Schemes
-
Annual Salary Review
Comms & Engagement
-
Weekly meetings and management meetings in general
-
Are there regular meetings held across the teams?
-
Is there an open form of communication between HR and other departments?
-
Company Values: Are they utilised and understood across the business? Are people living and breathing the values?
TO PUT IN TITLE
-
Does the organisation have a GDPR programme in place?
-
Does the organisation carry out profiling?
-
Do you process data on a large scale?
-
Do you process high risk data e.g. special category data, children’s data, criminal offence data, payment data, data that the organisation considers should be particularly protected?
-
Does the company carry out transfers of large scale or high risk data to third parties?
TO PUT IN TITLE
-
Does the organisation process data on the basis of consent?
-
Do you use intake/new client/onboarding forms either online or in person?
-
Does the organisation have a high staff turnover or take on seasonal staff?
-
Does the organisation hold data collected more than 7 years ago?
-
How often does the organisation carry out GDPR training?
TO PUT IN TITLE
-
Do you carry out processes for which the Data Commissioner's Office (DCO) states that a Data Protection Impact Assessment (DPIA) is mandatory?
-
Does the organisation report regularly receiving data subject rights requests?
-
Does the organisation have a DSAR procedure in place?
-
Does the organisation have a third-party register in place?
-
Is the organisation’s WiFi network visible in public or third party spaces?
TO PUT IN TITLE
-
Does the organisation work online, hybrid, open to the public or in a closed office?
-
Does the organisation outsource significant IT functions?
-
Does the organisation outsource any services to contractors?
-
Does the organisation have any Data Processing Agreements in place?
-
Does the organisation transfer any data outside the EU/EEA?
TO PUT IN TITLE
-
Does the organisation have any Standard Contractual Clauses in place?
-
Would an interruption to the organisation’s core personal data processing functions significantly negatively affect individuals?
-
Does the organisation have a Data Breach procedure in place?
-
Does the organisation have a Register of Processing Activities in place?
-
Is the organisation required to have a Data Protection Officer in place?
TO PUT IN TITLE
-
Who is responsible for GDPR within the organisation?
-
Does the DPO or person in charge of GDPR have direct access to management?
-
Does the organisation have any segregation of duties procedures in place?
-
Does the organisation have a business continuity plan in place?
-
Does the organisation have a website and when were the policies reviewed last?
TO PUT IN TITLE
-
Does the organisation have a social media presence and is there an appointed person for this role?
-
Does the organisation have any CCTV in place?
-
Does the organisation have a data deletion policy in place?