Data security, governance and UK data protection assurance in the modern digital workplace
This one-day course gives UK internal auditors the practical tools, knowledge, and confidence to challenge data protection controls, assess IT governance, and recognise emerging cyber threats.
As organisations become increasingly digital and employees work across multiple locations
and devices, the risk landscape around data security and privacy continues to expand.
Remote access, cloud-based tools, personal devices and AI-enabled systems all introduce
new vulnerabilities that internal auditors must understand and be prepared to challenge.
At the same time, the UK regulatory environment is evolving. Alongside UK GDPR and the
Data Protection Act 2018, the Data (Use and Access) Act 2025 introduces further
requirements around lawful access, data minimisation, accountability, and transparency.
Boards and regulators now expect internal audit functions to provide robust assurance over
how organisations protect and manage data in this complex environment.
This one-day course equips internal auditors with the knowledge and practical techniques
needed to assess data protection, data governance and cybersecurity controls with
confidence. It provides a clear, up-to-date view of the UK’s data protection landscape and
shows how auditors can evaluate whether organisational safeguards are fit for purpose in
today’s digital working world.
Course overview
This course is ideal for:
▪ Internal auditors and audit managers
▪ Heads of Internal Audit
▪ Risk, governance, and compliance professionals
▪ Data protection and information governance specialists
By the end of the course, you will be able to:
▪ Identify key data exposures associated with digital and remote working practices
▪ Assess the adequacy of data protection and security controls
▪ Understand and apply the requirements of UK GDPR, the Data Protection Act 2018,
and the Data (Use and Access) Act 2025
▪ Evaluate IT governance arrangements and determine whether they provide effective
protection
▪ Recognise emerging cyber threats and their implications for audit planning
▪ Strengthen assurance over data governance, compliance, and organisational
resilience.
This course provides a practical, audit-focused examination of the risks and obligations
associated with data management in today’s digital workplace.
Key topics include:
▪ How modern digital working challenges data governance, IT security, and audit
oversight
▪ Current and emerging data security threats: ransomware, phishing, social engineering,
cloud risks, and AI-driven attacks
▪ IT governance frameworks and best-practice approaches for internal auditors
▪ UK GDPR & Data Protection Act 2018 — key accountability and audit requirements
▪ The Data (Use and Access) Act 2025 — implications for access controls, data sharing,
minimisation, and organisational responsibility
▪ Ensuring data security and compliance through monitoring, oversight, and assurance
▪ Data Loss Prevention (DLP): technical controls, behavioural controls, and process
safeguards
▪ Practical techniques for assessing data maturity, control effectiveness, and risk
mitigation.
- Performance (Fraud | Internal control | Risk management)
- Environment (Information technology)