Data licence compliance is a legal and commercial imperative

Organisations that provide data to third parties have a legal responsibility to assure compliance with any limitations placed on the data. It is an essential data protection requirement to ensure that data is only used in ways that are compatible with the information provided to the person the data relates to and the consent they gave. It is also a commercial imperative that data cannot be used outside the scope of the licence purchased.

DQM GRC is long established as the leading provider of data licence assurance services to the UK’s commercial data owners.

Discover more about our data license audit service below 
Data licence compliance

How does a Data license audit work?

Our specialist second party auditors will work with you to create a bespoke audit plan to meet your needs and requirements.

1.

Audit templates

We will create one or more bespoke audit templates based on the terms of your licences or contracts for your approval.
This process includes establishing the audit framework and criteria to ensure that our audit is appropriately sensitised to areas of non-compliance.



2.

Test audit

We will carry out a test audit to ensure that the audit template works as intended and the report meets your requirements.


3.

Audit plan

We will work with you to design a suitable audit plan and schedule. This includes defining the scope and frequency of audits.


4.

The audits

We will carry out the audits according to the agreed plan.
Depending on your preference, we can work directly with the audit subjects to schedule the audits or you can do this yourselves.



5.

Formal procedural steps

We will work with you to monitor the ongoing effectiveness of the audits.
The frequency of this review cycle will be agreed with you, but will be triggered by changes to contract or licence terms, known breaches and incidents and will take place at least annually.

What to expect

Your auditor will typically take two days to complete an audit.

The audit will be a combination of interviews with key individuals, reviews of documentation and sample checking. We aim to provide written reports to you within 10 working days of the audit commencing.

If you wish, our consultants can work with your audit subjects to help them address areas of non-compliance. We can maintain strict Chinese walls between our audit and consultancy teams.

Bespoke auditing solutions

Make it your own

We can tailor your audit programme to your specific needs and requirements. Examples include:

  • Helping you to define standards for your data recipients to meet
  • Reviewing your contracts and licences to ensure they remain in line with best practice and protect you and your data subjects appropriately
  • Incorporating a data seeding programme to provide evidence of data usage
  • Any other support to meet your needs – just ask

contact us