This document presents a conceptual framework and architecture for privacy audits. It discusses motivating the need for more efficient privacy audits given complex privacy laws. It outlines a three stage tool-enhanced audit process: 1) determine evaluation targets, 2) design metrics, and 3) build assessment tools. Key aspects include linking data protection goals to metrics, a conceptual model for privacy requirements, and an extensible architecture for assessment tools. The overall aim is to make privacy compliance audits less expensive.