Data Protection Self-Audit
Conduct the audit at regular intervals to fulfil your obligations as a controller under the GDPR. You will receive the audit protocol via email afterwards.
Important: Do not delete this email, as it can serve as proof of properly maintained data protection documentation.
The Data Protection Audit
It serves as an inventory and legally compliant documentation.
By regularly reviewing the implementation of data protection measures, you prevent fines and fulfil your supervisory obligations.
Why do I need a data protection audit?
A data protection audit helps to identify weaknesses in an organization’s data protection practices. These may include security vulnerabilities, inadequate privacy policies, or a lack of employee training.
Tip: Involve your employees!
Conduct interviews, make use of their expertise when filling out the questionnaire, and check whether your employees have the necessary knowledge regarding data protection.
Combine the audit with employee training.
Your data-processing employees are required to provide proof of data protection training each year. During the audit, check whether all employees have completed the training.
Why is there an "Add element" button in the form?
This is necessary to add additional processing activities or data processors and gives you flexibility for individual comments on each added element.
The "Processes" step refers to a data protection impact assessment—what is that?
Particularly critical processing activities require risk minimisation through technical and organisational measures. To identify whether such activities pose a high risk, a data protection impact assessment must be carried out.