GDPR audit

A data protection audit determines whether your controls, policies and procedures meet the requirements of the GDPR and identifies improvement opportunities.

Benefits of a GDPR audit:

  • Identifying high risk areas and opportunities for operational efficiencies.
  • Ensuring that policies and procedures reflect current practices.
  • Mitigating risks by highlighting areas of weakness.
  • Demonstrating and documenting alignment for compliance purposes.
  • Increasing the level of privacy awareness among employees.

Areas covered by a GDPR audit

The scope of a GDPR audit may cover the following topics, among others:

  • data protection governance, policies and procedures;
  • management of records of personal data processing activities;
  • vendor onboarding process;
  • data transfers and data processing agreements with data processors;
  • personal data requests, including requests by individuals for copies of their data as well as those made by third parties;
  • technical and organizational security measures for personal data;
  • data breach management and notification policy and related processes;
  • staff privacy awareness level and training.

Organisations need to perform regular internal audits to assess their compliance effectiveness. Documented audits are vital in the event of a breach or complaint because they show good-faith effort and could help to avoid huge fines.

A GDPR audit is carried out using structured questionnaires, on-site visits, interviews, etc.

ECOVIS ProventusLaw can:

  • Conduct a GDPR audit.
  • Advise on how to conduct a GDPR audit.
  • Prepare and/or revise procedures related to GDPR audits.

Loreta Andziulytė

Lawyer, attorney at law, partner of the law firm, CIPP/E.

Contact person