Personal data security audit of your business
INTERNAL GDPR COMPLIANCE AUDIT
GDPR compliance audit is an obligation
In accordance with Article 24(1) of the GDPR, the controller (a company) “shall implement appropriate technical and organisational measures […]. Those measures shall be reviewed and updated where necessary.”
AFRAID OF AN INSPECTION BY AN AUTHORITY, HEFTY FINANCIAL PENALTIES AND LOSS OF BUSINESS REPUTATION?
CONCERNED ABOUT YOUR COMPANY’S SAFETY AND COMPLIANCE WITH THE GDPR?
NOT SURE WHETHER THE GDPR HAS BEEN IMPLEMENTED CORRECTLY?
WANT TO IMPLEMENT THE GDPR TO FEEL SAFE AND STOP WORRYING ABOUT IT?
SCOPE OF THE AUDIT – PERSONAL DATA SECURITY IN YOUR COMPANY
The results of the GDPR compliance audit provide an opportunity to ensure an adequate level of security of personal data and thus minimise the risk of negative incidents and penalties.
A GDPR compliance audit should cover:
- the policies, procedures, oversight system and responsibility with regard to data protection across the organisation;
- the risk-based approach the GDPR requires organisations to use when implementing appropriate technical and organisational safeguards;
- the documentation the GDPR requires as proof that protection processes have been implemented: a personal data protection policy, a data breach notification procedure, instructions and procedures.
OBLIGATIONS OF EMPLOYEES
The GDPR compliance audit verifies how roles and responsibilities are reflected in actual workflows, and reviews employee onboarding and offboarding processes.
How do we conduct a GDPR Compliance Audit?
The audit is carried out by a certified Data Protection Officer.
GDPR COMPLIANCE AUDIT PROCESS:
WE VERIFY WHETHER A PROPER SECURITY POLICY FOR DATA PROCESSING IS IN PLACE
WE VERIFY WHETHER THE COMPANY KEEPS UP-TO-DATE RECORDS OF AUTHORISATIONS TO PROCESS DATA
WE VERIFY WHETHER THE COMPANY’S EMPLOYEES HAVE THE NECESSARY TRAINING, AUTHORISATIONS AND CERTIFICATES
WE VERIFY WHETHER ADEQUATE DATA PROTECTION PROCEDURES AND INSTRUCTIONS HAVE BEEN PUT IN PLACE
WE CHECK WHETHER INFORMATION SECURITY PRINCIPLES ARE FOLLOWED IN PRACTICE BY INTERVIEWING STAFF
WE PREPARE AN AUDIT REPORT WITH RECOMMENDATIONS AND ASSIST IN IMPLEMENTING THE GDPR
Factors influencing the quality of a GDPR compliance audit
Is there a recipe for a high-quality GDPR compliance audit? We know how to build a solid foundation for a well-conducted audit.
A competent auditor
To maintain objectivity, it is recommended to outsource the GDPR compliance audit. The auditor should have adequate knowledge and skills in data protection in the broad sense. At the same time, the auditor is required to have more than a basic knowledge of IT systems, which in the age of digitisation play a key role in the operation of companies.
A good plan
The key to a successful GDPR compliance audit is a well-thought-out plan that identifies the essential processes of personal data processing. Such a plan should take into account the various activities that are part of a GDPR compliance audit, such as interviewing staff and reviewing current documentation. Deadlines should be set prudently.
The right tools
The result of a data protection audit should be authoritative, which is why it is important to decide whether the monitoring of a particular process requires only interviews with staff, or whether there is also a need for an inspection of the processing location or an examination of external data storage media. This is crucial for the preparation of the plan. The right tools influence the time necessary to complete the audit.