GDPR audits and deployments
How to adequately protect personal data within the organisation? What procedures and documents need to be introduced to meet the requirements of the European data protection regulation? These questions are frequently asked by entrepreneurs and public institutions. The GDPR audit requires a number of analytical procedures to optimise data protection solutions in a company. Andersen’s professionals perform personal data audits which consist of:
- identification of the processed personal data,
- verification of the processing procedures, which includes checking the legality (legal basis) of data processing,
- review of personal data protection documentation in terms of its validity and compliance,
- review of the security procedures in place,
- verification of contracts under which personal data is made accessible to third parties,
- evaluation of the need to appoint the data protection officer.
We perform the audit tasks using our own methods, based on the information provided to us by clients, in particular interviews with staff members responsible for cooperation with customers, HR employees, IT staff, employees and persons responsible for international data transfers, as well as documents presented to us for verification. As part of the audit, our experts observe the processing operations “live”. The audit leads to preparation of a report identifying threats (“red flags”) and steps to be taken to make the personal data processing compliant with the law (recommendations).
The audit and implementation of the recommended measures are necessary to identify errors in data processing in the enterprise which may be the basis for fines in the event of an inspection.