Data protection and ICO resources
The Information Commissioner's Office (ICO) has guidance and toolkits useful for any internal auditor

The ICO’s overview on Data Protection and the EU is a good summary of the situation to date on data protection and includes onward links to guidance on the UK GDPR.
There are a number of Data Protection control toolkits published on the ICO website that could be useful to internal auditors - especially those creating their own audit programmes from scratch.
The ICO’s data protection audit framework can help you assess your compliance with some of the key requirements under data protection law. It is suitable for large businesses and organisations in the public, private and third sectors. However, it is not directly applicable to small businesses and organisations, or organisations processing personal information subject to Part 4 of the DPA 2018.
Small businesses and organisations should instead use the ICO's resources directory, which includes a data protection self-assessment tool for small organisations.
Other resources on the ICO website:
- Toolkits on accountability, records management, information & cyber security, training and awareness, data sharing, requests for access, personal data breach management, artificial intelligence, and age appropriate design
- Compliance trackers for the same areas.
You can subscribe to the monthly ICO newsletter and also look out for their upcoming events, such as their event on 22 May 2025 on Anonymisation and Pseudonymisation guidance.