Practical GDPR: The Active Audit


Fab Fitness is a successful chain of fitness centres operating across in the north of England, attracting gym fanatics and fitness newbies alike. After ten successful years, Fab’s management want to expand their community-based approach across the UK. They are considering buying an ailing fitness chain in the Midlands: Spartan Gyms. Run by a steroid-abusing former weightlifter, Steve Gold, Spartan is losing huge sums of money. Gold wants to sell the business outright, but insiders have warned Fab’s owners that there are significant compliance problems.
Fab can buy the gym sites fairly cheaply, but for not much more, they can take on Spartan as a going concern with all of their customer data, and then gradually introduce Fab’s standard approach. They’re asking you, their trusted DPOs from Get Data Protection Right, to review the policies and procedures that the company has in place, and then conduct some quick and dirty interviews of the organisation’s staff. Fab want to know whether they should buy a business, or just some buildings.
In the morning, you will carry out an audit of Spartan’s policies and procedures to see whether they are up to speed and whether anything is missing – privacy notices, application forms, and DP policies will all be on show. In the afternoon, you will put together a plan to carry out a compliance audit of the company, including examining interviews to see what improvements the organisation needs to make.


The course runs at 2.5 – 3 hours and is fully interactive. There are materials that you will need to read in order to prepare properly for this course. You will need a working microphone to participate (camera not required).

Course cost: £125.00 + VAT

9.30am, 6th May 2021