GDPR compliance audit – protection of personal data
It is difficult to call the GDPR a new regulation…
However, due to its nature and a fundamental change in the approach to personal data protection in relation to the “old” Acts, we are constantly adapting to the new regulations on the protection of personal data.
The time to verify GDPR compliance comes:
- before or during the adaptation work as an aid to establish the right direction for the project; avoids mistakes during implementation,
- after an intensive implementation period as a tool to confirm compliance and allow for the necessary corrections,
- periodically performed on a partial basis as a tool for independent assessment of the correctness of operation of the new personal data protection system.
Our experience allows us to objectively assess the state of compliance and adaptation to the performed activity.
The data protection system is not only relevant due to the potential penalties resulting from the GDPR. It should be an active element in realistically improving the security of data, both data on “paper” and processed in IT systems.
During the audit, in addition to compliance with individual articles of the GDPR, we assess more than a “classic” law firm, in particular:
- compliance with the guidelines and recommendations of the Personal Data Protection Office,
- compliance with draft future codes of conduct (Article 40 of the GDPR),
- the methodology used to assess the risk,
- linking risk assessment with impact assessment,
- adequacy of the results of risk assessment to the activity,
- effectiveness of the IT security measures used,
- effectiveness of raising awareness among employees and other processors,
- security of relations with other entities to which data is entrusted and shared.
We have been auditing for over 15 years
We know how and what to ask to obtain an objective picture of the situation. Take a look at our client list and ask us about our experience. Find out what you can achieve by effectively managing your audit programme.