We carry out the audits for compliance of personal data processing with the provisions of the general data protection regulation (GDPR) as well as common safety standards and norms . In the course of the audits we detect incompliance cases that may pose the risk for the hassle-free functioning of the client’s business processes in connection with personal data processing.
The personal data processing auditing intends to detect the irregularities in the personal data processing within the organisation. This will allow the entity undergoing the auditing to take actions in order to enhance the level of compliance with the personal data protection provisions as well as the awareness of the organisation’s staff about the current state of personal data protection level.
In the course of the data protection auditing, the following areas shall be verified: * Documentation with regards to personal data processing for quality and validity * Legal bases and the methods of personal data processing * The flow of personal data within the organisation and outside it * The processes like personal data collection, data protecting or personal data deletion * Applications and technical solutions used for personal data processing * Contracts concluded with other entities with regards to personal data processing
The personal data protection auditing results in a report being drawn up in a paper, electronic or interactive version. The said report shall contain information regarding the actions taken by an auditor, irregularities identified, threats and strengths of the organisation
Subsequent steps after the auditing shall include predominantly the implementation of the changes in the personal data protection system. The clients may perform this task independently or may commission the implementation supervision to us (running another auditing after the implementation) or delegate the tasks related to the implementation including the elaboration of the relevant documentation, testing of various amendments implemented and others.
On some occasions, in the course of the auditing or once the personal data protection system has been implemented we advise our clients to perform the auditing of the source code with regards to the software developed within the organisation or running the penetration testing. Such commissions intend to verify the quality and safety level for IT solutions and infrastructure.