GDPR audit

A data protection audit will determine whether your controls, policies and procedures meet the requirements of the GDPR and will also identify opportunities for improvement.

Benefits of a GDPR audit:

  • identifies high-risk areas and opportunities for operational efficiencies;
  • ensures that policies and procedures reflect current practices;
  • helps to mitigate risks by highlighting areas of weakness;
  • demonstrates and documents alignment for compliance purposes;
  • raises the level of privacy awareness among employees.

Areas covered by the GDPR audit

The scope of the GDPR audit may cover, among others, the following topics:

  • data protection governance, policies and procedures;
  • management of records of personal data processing activities;
  • vendors’ on-boarding process;
  • data transfers and data processing agreements with data processors;
  • personal data requests, including requests by individuals for copies of their data as well as requests made by third parties;
  • technical and organizational security measures for personal data;
  • data breach management and notification policy as well as related processes;
  • staff’s level of privacy awareness and training.

Organisations have to perform regular internal audits in order to assess their compliance effectiveness. Documented audits are vital in the event of a breach or complaint because they show good-faith effort and could help to avoid huge fines.

The GDPR audit is carried out using structured questionnaires, on-site visits, interviews, etc.

ECOVIS ProventusLaw can:

  • conduct a GDPR audit;
  • consult on how a GDPR audit should be conducted;
  • prepare and/or revise procedures related to GDPR audits.

Loreta Andziulytė

Lawyer, attorney at law, partner of the law firm, CIPP/E.

Contact person