GDPR Compliance Audit

We can audit: your company, single processes, products, software in order to comply with the General Data Protection Regulation (GDPR), eliminate gaps and demonstrate compliance to partners or just to see the whole picture.

Why is audit important?


  1.  It provides heads of the company with clear vision about data protection in the company and define gaps.
  2. Audit is a start point for project development or GDPR compliance action plan.
  3. Demonstration of company’s GDPR compliance to the companies-contractors.



Audit benefits

Measures and helps improve compliance with the internal data protection system.
Increases the level of data protection awareness among management and staff.
Provides information for data protection system review.
Improves client satisfaction by reducing the likelihood of errors leading to a complaint.

During the audit:

  1. Presence of mechanisms which ensure that data is processed based on one of the legal grounds mentioned in art. 6 of the GDPR; fairly and in a transparent manner with respect to data subjects.
  1. Whether information is kept up to date and in limited scope necessary in relation to the purpose for which it is processed.
  1. The period for which the personal data will be stored is adequate and when expired, the information is erased.
  1. A subject has the rights to access, to be forgotten, to rectification and etc.
  1. The company complies with national laws, regulations and guidelines of supervisory authorities in the area of data protection.
  1. Data protection system is effective and functions according to best practices.
  1. Company is able to demonstrate compliance with data protection requirements to supervisory authorities, data subjects, business-partners.
Duration Duration
1-2 weeks
Price Price

Work stages

Step 1.

We fill out the checklist to access the level of GDPR compliance.

Step 2.

Interview heads of departments and employees, and analyze document and material evidence.

Step 3.

Draw up an auditor’s report.

Step 4.

We present and discuss the report.


Siarhei Varankevich CIPP/E, CIPM, MBA, FIP
Founder of Data Privacy Office LLC. Data Protection Trainer and Principal Consultant
MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM). Started to work with the GDPR draft version, in 2015, in Munich. Defended his MBA thesis about the Regulation, in Bremen, in 2016. In 2020, he was awarded the title of IAPP Fellow of Information Privacy (FIP) thanks to the recommendations of respected experts.

Siarhei delivered hundreds of consultations on GDPR issues to companies around the world. He helped to implement the GDPR program as an external project manager in over 50 companies.

In LinkedIn
Olga Zavalniuk CIPP/E, CIPP/US
Senior Consultant DPO LLC, Data Protection Officer
Expert in Data Privacy, Certified Information Privacy Professional (CIPP/E & CIPP/US - Europe & United States), member of International Association of Privacy Professionals (IAPP)

Olga provides consulting services, as well as external DPO support. Her practical experience in implementing the principles and concepts of personal data protection into day-to-day business acquired in the United States and subsequent work with European and former-USSR companies allows her to find solutions for a wide spectrum of clients.



    The course is loading, wait a few seconds