GDPR Compliance Audit

 

 

"Why is GDPR so stupid?" has consistently remained in the top 10 Google search queries since the Regulation entered into force.

Why? The answer is simple — often, companies do not understand what the GDPR is and what needs to be done to comply with it. The problem can be solved by a GDPR audit — a tool for checking a company's individual processes, products, or software for compliance with the General Data Protection Regulation.

 

Why is the GDPR audit important?

 

It allows managers to understand the status of personal data protection within the company and to identify weaknesses in its personal data protection systems.

 


It allows employees to get a plan for specific actions to prepare for the GDPR and implement the Regulation’s requirements (GDPR compliance action plan).

 

It allows the company to demonstrate to partners how it complies with the GDPR.

It may be inefficient to assign the work on the GDPR to employees of the company or a corporate lawyer.

 

There are 3 reasons for this:

  1. Employees often do not have special education in the field of personal data protection.
  2. Employees are not motivated to conduct a GDPR audit because they do not see the whole picture and do not know how to proceed.
  3. Employees do not have time because their work responsibilities remain, and GDPR compliance is postponed.

The audit will be of poor quality, and you will simply waste time and resources conducting it.

 

How to do it: assign the work of conducting the GDPR audit to our consultants who will do all the work quickly and efficiently.

Consultants

Siarhei Varankevich CIPP/E, CIPM, MBA, FIP
Founder of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM). Started working with the draft version of the GDPR in 2015 in Munich. Defended his MBA thesis about the Regulation in Bremen in 2016. In 2020, he was awarded the title of IAPP Fellow of Information Privacy (FIP) thanks to the recommendations of respected experts.

Siarhei has delivered hundreds of consultations on GDPR issues to companies around the world. He has helped to implement the GDPR program as an external project manager in over 50 companies.
Privacy Expert
Academic, lawyer (Québec Bar), Ph.D. (France), LL.M. (Canada and Switzerland). Worked in Canada, France, and Switzerland, including as a consultant on comparative privacy law for the Department of Justice of Québec. Fluent in French and English.
Maria Arnst CIPM, TÜV, Strategic Privacy by Design, DPP
Data Protection Officer, GDPR Consultant, Privacy researcher
Certified Information Privacy Manager, member of the International Association of Privacy Professionals, with experience as a Data Protection Officer for European companies, including those focused on privacy and data security. Certified as a Data Protection Officer by TÜV (Germany's leading and one of the world's leading independent testing and certification services groups), trained in Strategic Privacy by Design.
Elena Sebjakina CIPP/E, Privacy by design
Data Protection Officer, GDPR Consultant
Elena has specialized in personal data since 2014. Until June 2020, she worked as a Global DPO in an international IT company and implemented GDPR processes in a group of companies, introducing the principles of the GDPR in all areas of the holding. Under Elena's leadership, a web portal was created to collect electronic consents and process requests from personal data subjects, and a process for handling personal data breach cases.

What will we do?

✓ We will verify that data are collected and processed on the grounds mentioned in Article 6 of the GDPR.

✓ We will determine whether the personal information processed is limited to what is necessary to achieve the processing goals.

✓ We will find out whether storage periods are adequate and whether the unnecessary information is deleted after these periods expire.

✓ We will assess if data subjects’ rights are respected.

✓ We will determine whether national laws, regulations, and instructions of supervisory authorities in the field of personal data protection are implemented.

✓ We will make sure that "best practices" and court precedents are taken into account in order to maintain personal data protection systems.

✓ We will assess whether the company demonstrates compliance with privacy standards to supervisory authorities, entities, and business partners.

Work stages

 

Step 1. We fill out a checklist to assess the level of GDPR compliance.

Step 2. We interview heads of departments and employees and analyze documents and material evidence.

Step 3. We draw up an audit report.

Step 4. We present and discuss the report.

 

The GDPR audit benefits:

 

1) Promotes compliance with the Regulation.

2) Measures and improves compliance with internal rules for the protection of personal data.

3) Provides the necessary information for the revision of personal data protection systems.

4) Increases awareness of data protection among the management and employees.

5) Increases the authority of the company in the eyes of customers and partners.

 

Duration: 1-2 weeks

Price: Negotiable
