The Information Commissioner's Office (ICO) has published a draft code of practice for its new auditing powers, which come into effect in April 2010.
The ICO has invited stakeholders to give feedback by 24 March 2010 on the proposed framework for how audits will be conducted.
The final version of the Code of Practice for Assessment Notices will be published in April 2010 in line with the extended data protection audit powers available to the ICO under the Coroners and Justice Act of 2009.
The powers will initially enable the ICO to serve compulsory audit notices only on central government departments.
"But, we will, where we can make a good case, seek to extend our powers to undertake compulsory audits in the rest of the public and private sectors," said David Smith, deputy commissioner at the ICO.
The powers will also enable the ICO to fine organisations up to £500,000 for serious breaches of data protection laws.