Privacy policy and notice audit

The General Data Protection Regulation (GDPR) requires that data subjects — users, customers, and even employees — be informed of a whole list of up-to-date information related to the processing of personal data.

This list is set out in Articles 13 and 14 of the Regulation and includes the contacts of your data protection officer, purposes and legal grounds for each processing, categories of data that are being processed, facts and conditions of cross-border transfer, references to the rights of data subjects, and so on.

Companies have been fined for not properly complying with these requirements, because the privacy policy is the "face" of your company or product. This is the first thing that the user or a meticulous representative of the supervisory authority sees.

And if you have made the right decision and have already developed a privacy policy yourself, it should be checked for compliance with the Regulation at least once a year — the legislation is changed periodically, some details of processing can be adjusted.

It is quite difficult to constantly monitor changes in the legislation on personal data and keep the privacy policy up to date. Therefore, we offer the services of certified GDPR specialists to conduct an audit of your privacy policy.

1. Check internally written privacy policy for gaps, shortcomings or serious mistakes.
2. Get an opinion on the compliance of your privacy policy with the GDPR requirements or a list of shortcomings with recommendations for correcting them;
3. Secure your own business against complaints of data subjects, fines and inspections of supervisory authorities;
4. Demonstrate to partners, clients, and staff your commitment to transparency and enforcement of laws.

Step 1. Analysis of the privacy policy text.

Based on personal experience and best international practices, Data Privacy Office consultants have compiled a checklist for checking the privacy policy. This checklist is constantly updated. We use it to determine whether your privacy policy meets the requirements of the GDPR and the Guidelines on Transparency.

Step 2. Checking the results of the work by another consultant.

We always guarantee the quality of our services, so the final report is always checked by an experienced consultant to avoid possible errors.

Step 3. Making recommendations for corrections and additions.

After conducting the audit, the consultant will prepare recommendations for correcting the shortcomings. This information is the first step to be GDPR-compliant.

Step 4. Presentation and discussion of the final report.

We will not leave you alone with the results of the audit. During the presentation, we will explain the recommendations in detail so that you do not have any questions about compliance with Articles 13 and 14 of the GDPR.