Some information about ICO Audits and Advisory Visits
Since May 2018 ICO has carried out a number of Audits and Advisory visits in schools and MATs throughout England. These are different since the aim of an Advisory Visit is to give practical advice on how to improve data protection practices. It normally involves a one day visit from the ICO and a short follow up report which is not made public.
An Audit on the other hand provides a real assessment of whether schools and MATs are following good data protection practice. ICO will look at whether effective controls are in place alongside fit for purpose policies and procedures. There is a check against data protection legislation and the resulting report which makes recommendations on how to improve is published.