GDPR COMPLIANCE AUDIT

GDPR VERIFICATION CONCERNING COMPLIANCE (GAP ANALYSIS)

Auditing relative to existing compliance, proposed corrections and protection measures




This type of verification determines the company's degree of compliance with the Regulation and defines the actions and steps that need to be taken to achieve and maintain compliance. It also assesses the current situation against the requirements of the Regulation and proposes corrections and measures in accordance with the organizational and financial capabilities of the business entity. The audit is conducted by the DPO with its team.

An internal audit of compliance with the requirements of the General Data Protection Regulation (GDPR) can be conducted for the business activity as a whole, for a specific part of it, or for a particular work process.

It may be an initial, basic audit for aligning operations with the GDPR, or a periodic review of existing measures that proposes new measures in accordance with current needs and conditions.




GDPR CONFORMITY VERIFICATION (AUDITS) CAN BE PERFORMED FOR

- Business activity as a whole or its individual parts
- A certain individual process
- A specific organizational protection measure (includes policies and internal procedures)
- Verification of the processors
- Review and analysis of existing organizational and technical data protection measures, with proposed corrections
- Analysis of personal data processing activities and proposed implementation of organizational and technical protection measures for the processing, in accordance with the organizational and financial capabilities of the entity

The GDPR Compliance Audit is a unique proposal for business harmonization and for organizational and technical protection measures that are in accordance with the entity's actual needs and financial capabilities, regardless of whether it is an initial arrangement or a periodic audit.

Auditing relative to a certain process
An audit of a particular process includes an analysis of all the processes that are performed in that process and an analysis of how the data is handled during and after processing. On the basis of these analyses, a control document is prepared that records the established status, an opinion, and proposals for corrections and regulation of data protection measures for the process in question.

Verification of individual organizational protection measures
This covers verification of the existing organizational protection measures, which may include individual policies, internal procedures, etc., together with suggested corrections for identified omissions. The suggestions are in accordance with the capabilities and needs of the business entity and, accordingly, reflect the highest degree of protection.

Verification of the processors
Processing contractors are subject to compliance verification and to verification of appropriate protection of personal data with respect to the processing performed by the Processing Manager. This type of verification, by its nature, can be regular or exceptional.