GDPR Audit

The GDPR audit verifies that data processing and data protection processes and IT systems comply with the GDPR.

Personal data protection

Ensuring the security of the personal data it processes is the responsibility of every company. The GDPR audit assesses whether the internal data processing and data protection processes and the IT systems comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR).

GDPR compliance audit aims at checking whether the processing of data in an organisation is carried out in accordance with the regulations in force and at determining the sufficiency of the applied safeguards (organisational and technical measures), i.e. identifying the actual level of data protection in the organisation.

GDPR audit - why recommended?

GDPR audit will highlight the strengths and weaknesses of your company's data protection processes. Following the audit, Crowe experts will provide a comprehensive GDPR compliance assessment report and/or data mapping report.

The client can take the necessary measures, based on the reports received, to implement, adapt and upgrade data protection procedures, according to GDPR requirements and the recommendations of our experts.

GDPR audit also provides answers to the most crucial questions concerning personal data protection:

  • whether the organisation needs to appoint a Data Protection Officer (DPO),
  • whether the confidentiality clauses used are compliant with the GDPR provisions,
  • whether the organisation processes special types of data and, if so, whether the protection is adequate and proportionate to the potential risks.

GDPR audit helps to reduce the risk of personal data protection violations in a company, protecting the company against potential penalties imposed by the PDPO if any irregularities are detected during the audit.

GDPR audit - scope of the Crowe service

GDPR audit is a service dedicated both to organisations planning to implement data protection processes and to clients who process personal data and need to assess the effectiveness of implemented safeguards.

Moreover, according to the GDPR Act, it is recommended to periodically review the data protection safeguards used and it is the responsibility of the Administrator to implement appropriate data protection policies / procedures.

GDPR compliance audit may take the following forms:

  • periodic GDPR audit, carried out at regular intervals
  • partial GDPR audit e.g. of the HR department, related to the implementation of the required personal data protection procedures
  • comprehensive GDPR audit, conducted in the initial phase of creating an effective personal data protection system

GDPR audit may be carried out for the entire organisation, for individual companies within a capital group, or only for specific areas, e.g. HR, Sales, Marketing.

As part of the GDPR audit, we provide the following support:

  • Analysis of data processing, as part of which Crowe experts will verify:
    • Categories of persons whose data are processed (employees, clients, contractors)
    • Scope of data processing (including special categories of data)
    • Purposes of data processing
    • Legal basis of data processing
    • Method and time of data processing
  • Checking whether the requests made by those to whom the data relate have been fulfilled:
    • right of access to information
    • the right to have data corrected or erased
    • the right to limit processing
    • the right to have data corrected
    • the right to data portability
    • the right to object
    • information on automated decision-making in individual cases

  • Verification of the conditions for consent and compliance with the information obligation
  • Review of the process of entrusting personal data, including review of the personal data entrustment agreement template
  • Review of existing technical and organisational measures (policies, technical safeguards and other documents on personal data protection)
  • Verification regarding profiling rules and cookies

Crowe clients as part of the GDPR audit service receive:

  • GDPR compliance assessment report
  • Data mapping report
  • Recommendations on how to ensure compliance with regulations based on good market practice.

Contact us

Violetta Matusiak
Data Protection Inspector