Our DP Audit services can be applied across your complete organisation and across different legal entities, or they can be tailored to a specific department or a specific product or service offering.
While the methodology remains the same, the focus may differ depending on your objectives and sense of urgency.
Based on the requirements of our customers, we have tailored our service offerings as follows:
GDPR Verification Audit
GDPR verification provides an efficient, high-level audit to ensure that key elements of GDPR are in place.
This service is ideal to determine if your organisation or processor is GDPR compliant for the key elements.
360° DP Audit
This audit is the most extensive in terms of its end-to-end focus on the application of GDPR.
Small to medium-sized organisations tend to select this service to provide a complete picture of their GDPR readiness, while larger organisations may select it to focus on a specific legal entity, organisational unit or product/service offering across the different legal entities.
Legal Audit
As the name suggests, the DP Legal Audit will focus on the legal components only.
Clients may further choose to select specific parts of the organisation or specific service offerings or products. This type of audit is often selected by a specific department or project team within the organisation to help highlight legal risks and readiness.
Accountability Audit
The Accountability Audit focuses on what can be regarded as the core elements of GDPR in your organisation.
This service is often triggered by the DPO, its office, the party responsible for data protection, or the Chief Risk Officer, as it covers what is regarded as the core topics of GDPR (e.g. the register).
The service may be applied transversally across your organisation, or you may decide to focus on a specific service or department.
Rights of the Data Subject Audit
GDPR significantly strengthens the rights of Data Subjects and imposes new rights.
Even though some rights are not new, executing correctly on the rights can be a complex and large burden for an organisation.
Our audit services will robustly examine your organisation’s current state of readiness for data subjects’ rights, covering the right to access, rectification, data portability, the right to be forgotten, the right to object, the right to information, etc.
Mystery Shopping on Rights of the Data Subject
Many organisations are concerned about how they are perceived by their customers and how well they or their processors meet the demands set out by GDPR.
We offer this service within a controlled environment of your organisation (with a limited number of people being informed upfront to allow for a qualitative validation).
Data & Information Management Audit
Key areas of your Data & Information Management organisation, practices, environments, processes, etc. will be audited by our experienced data & information management auditing team.
This service will focus on areas such as Data/Information Governance, Data Quality, Information and Data Architecture, Personal Data Flow Management, Enterprise Content Management, Big Data and (advanced) Analytics, Metadata Management, and more.
Data Protection by Design & Default Audit
We assess your organisation’s status with regard to one of the key but complex pillars of GDPR: Data Protection by Design & Default.
Our work will cover verifying relevant solutions, forms, architecture, processes & procedures, UI/UX, infrastructure, integrations, communications, and more.
Information Security & Incident Management
GDPR significantly raises the bar for organisations regarding all aspects of (information) security.
Our Information Security Audit Service assesses areas such as Incident Detection and Categorisation, Response and Incident Management, Controller/Processor Agreements, DPA reporting, secure data transfers, the right level of training and awareness, encryption and hashing, etc.
The audit is based upon the most relevant ISO27K controls.
Penetration Testing
GDPR requires that you have a process for regularly testing, assessing and evaluating the effectiveness of these technical and organisational measures.
Managing and maintaining GDPR compliance requires a security infrastructure that can monitor and control the use and movement of data, identify the users, restrict access to only those users who need it, and render the data unintelligible in the event it is accessed by an unauthorised user.
Next Steps
Get in touch today to discuss your specific requirements.