recent work

ICO powerless to audit organisations that cause data protection concern

Following Christopher Graham’s revelation that there is a ‘systematic’ problem with data breaches in the NHS, he has now complained that he is ‘powerless to insist on auditing organisations in local government, the health service and the public sector’ – even though the majority of data breaches come from these sectors alone.

Currently, the Information Commissioner’s Office (ICO) must get consent from an organisation in order to be audited. Graham, Chief Information Commissioner thinks “something is clearly wrong when the regulator has to ask permission from the organisations causing us concern before we can audit their data protection practices”.

“Helping the healthcare sector, local government and businesses to handle personal data better are top priorities, and yet we are powerless to get in there and find out what is really going on.”.

Graham added: “With more data being collected about all of us than ever before, greater audit powers are urgently needed to ensure that the people handling our data are doing a proper job.”

DataWise, a service by Absolute Data, offers a free one-hour consultation to any organisation, which serves to highlight any data risks that might be being taken. The findings of the consultation can then suggest a whole array of services aimed to help you ensure compliance with the Data Protection Act.

Absolute Data is committed to ensuring companies and organisations, regardless of their size, create and follow realistic policies and procedures that are above the law. We can help your organisation create robust and effective data protection policies and procedures: we can spend some time getting to know what data-related activity your business partakes in, and ensure that your policies and procedures reflect this activity. We can also help to train your staff; not only in the importance of data protection, but how they can ensure they are fully adhering to data protection law. With the ICO’s power to fine up to £500,000 for data breaches, it is worth getting in touch with us to discuss how your organisation can ensure legal data compliance. Contact us now at, or call us on 01423 790125.