If you have not yet comprehensively addressed the GDPR, or if you are interested in a professional assessment of whether you comply with the GDPR obligations, you will first need to map in detail what personal data you process, whether you have a proper reason to do so, how you process this data and how you protect it against alteration or misuse. A GDPR audit is the first step to ensuring GDPR compliance.
As part of a GDPR audit, you need to assess whether your organisation complies with the requirements for processing personal data:
- at the procedural level - the existence of appropriate documentation both vis-à-vis the data subjects and within your organisation
- at the organisational and administrative level - the establishment of organisational measures to ensure the proper and secure processing of personal data by authorised and properly instructed persons
- at the technical level - the implementation of technical solutions and measures to ensure the security of the processing of personal data, especially when: collecting the personal data, ensuring that data subjects are able to exercise all of their rights, erasing or anonymising the personal data.
GDPR audits are usually conducted in the form of a GAP analysis, through personal interviews with management employees, but also through personal investigations in your organization. After the GDPR audit, you will receive a report that identifies possible risks or shortcomings of your current solution as well as a proposal to address these shortcomings.
info@barthelemy.cz
+420 220 580 003